ICS cybersecurity firm Dragos is tracking a threat group it calls RASPITE, which is actively targeting U.S. electric organizations. RASPITE’s primary focus is on ICS-operating entities; however, the group has not yet demonstrated any capability to disrupt or destroy ICS-specific operations. The group’s primary tactics include strategic web compromise (a.k.a. watering hole) and Windows credential harvesting. Symantec tracks the same group as Leafminer, and released a report last week on its Middle East activity. RASPITE’s current targeting focus and methodology are common to other ICS-focused adversary groups that initially target the IT network to prepare for follow-up ICS compromises. Dragos.