How Hackers Are Targeting Energy Industry Tech And What You Can Do About It



Did you know that the energy industry was the number one targeted marketplace in 2019, suffering 16% of cyber incidents? Widespread technological adoption within the energy industry has led to growing attacks on companies in the sector. How are hackers penetrating network systems, and what can you do to mitigate risk and secure your own internal structures?

What are the reasons for cyberattacks in the energy industry?

The motives behind the energy industry cyberattacks fall into several categories: ransomware, espionage, disruption of service, and manipulation by countries. With ransomware, hackers encrypt important files until they receive payment from the energy company.

Espionage involves the siphoning of information that can be later used to manipulate the company or country. Disruption of service can occur when these hackers shut down parts of the company until their demands are met.

Loopholes hackers are exploiting to attack the energy sector

As power companies become more digitized and rely on new technologies such as cloud computing, artificial intelligence, and robotics, they open themselves up to further exploitation by hackers.

Hackers take advantage of unpatched systems, a lack of qualified security experts, and outdated servers to carry out their malicious plans. However, the biggest vulnerability that hackers can rely on is employees who are not attuned to the dangers of cybercrime.

It is these employees to whom hackers send repeated targeted emails containing infected links during energy industry cyberattacks.

The types of cyberattacks hackers are carrying out

There are various techniques in operation at the moment. These include the use of brute force, deepfake videos, and the more popular phishing emails that contain harmful attachments. 46.8% of the attacks carried out on the energy sector involve malicious links, 31.4% malicious attachments, and 21.5% phishing.

The most notorious energy industry hacker groups

Today’s cybercriminals are professionals offering cybercrime-as-a-service on the dark web. At the bidding of governments or secret services, these organized hacker groups are ready to compromise the state infrastructure of countries, as was witnessed in December 2015, when Russian hackers paralyzed a Ukrainian power plant in the Ivano-Frankivsk region, leading to a blackout that lasted several hours.

The three most notorious hacker groups in the energy industry who have committed the worst types of energy industry cyberattacks are Dragonfly, APT19, and Magic Hound.


Dragonfly

In June 2017, on election day, the British government got a serious shock when the country’s energy system suffered a colossal cyberattack. Dragonfly hackers obtained an entryway into state energy networks via a phishing email.


APT19

Chinese-based APT19 has been repeatedly named as one of the most aggressive hacker groups that threaten the U.S. energy sector.

In their ICIT Briefing: The Energy Sector Hacker Report, authors James Scott and Drew Spaniel discuss APT 19 in great depth. APT 19 is a robust group that operates under numerous aliases including Black Vine, Kung Fu Kitten, Shell Crew, and Deep Panda.

Scott and Spaniel mention various APT 19 incidents in the U.S., including the 2015 OPM breaches, the Anthem healthcare network attack, the United Airlines ambush, and the incident on the United States Office of Personnel Management.

Magic Hound

Magic Hound is an Iran-linked cyber-espionage group whose main activities revolve around blitzing energy, technological and government sectors that work with Saudi Arabia or do business with the country.

How you can protect your company

Cybeta provides predictive, pre-emptive, powerful cybersecurity solutions designed by U.S. intelligence-trained personnel. Get robust protection from our Threat Beta, Threat Alpha, and Cybeta Overwatch software. Contact us to schedule a demo or to discuss a structured security plan.