In January 2023, the Anonymous affiliated hacktivist group, GhostSec, claimed on social media to have deployed ransomware to encrypt a Belarusian remote terminal unit (RTU)—a type of operational technology (OT) device for remote monitoring of industrial automation devices. The actors’ stated intention was to demonstrate support for Ukraine in the ongoing Russian invasion. Researchers, OT security professionals and media outlets analyzed the claims and concluded that the actor overstated the implications of the alleged attack.
Although there was no significant impact in this particular incident, the event highlights the increasing need for a wider discussion regarding the extent of risk hacktivists pose to OT environments. For the last several years, Mandiant has tracked various hacktivists' claims of targeting OT systems claiming physical damage as a result. Exacerbated by geopolitical tensions in different regions—such as Russia’s ongoing invasion of Ukraine—these actors have recently intensified their activity, resulting in more frequent claims and new avenues to impact targets...Read More!
