Recent public research indicates the group responsible for the CRASHOVERRIDE (a.k.a., Industroyer) malware used to disrupt the Ukrainian electric grid in 2016 is expanding its target set, reportedly to include organizations in the water and wastewater sector. Additionally, the group is no longer solely geographically focused on targets within the Ukraine. CRASHOVERRIDE is one of only three families of malware publicly known to specifically target ICS. Industrial cybersecurity firm Dragos tracks this activity as ELECTRUM, and considers it to be one of the most competent and sophisticated threat activity groups currently in the ICS industry. ELECTRUM activity is notable due to its capabilities to develop sophisticated ICS-focused malware and ability to maintain long-term persistence within a victim network. While ELECTRUM’s exploitation tactics are not fancy, they are effective. The group does not rely on advanced exploits or zero-day vulnerabilities to break-in to systems, but instead leverages common exploitation methods like using stolen credentials to execute malcode. SecurityWeek.