Cyber attacks targeting organizations in the energy sector are a growing global threat. Recent years have seen firms in sub-sectors like electricity generation and distribution, oil, and gas facing increasingly sophisticated attacks. With more than a decade of experience monitoring the external attack surface across all critical infrastructure sectors, LookingGlass reviewed the past year of cyber threats and attacks to the energy sector, sharing this information in this Energy Sector Threat Brief. Below are a few highlights from the report.


LookingGlass found a diverse range of actors targeting the energy sector. Among those were state-sponsored “advanced threat” actors (APTs), cyber criminal groups, hacktivists, and ideologically motivated hackers.

LookingGlass was able to identify attacks on energy sector organizations in Russia, Iran, China, and North Korea by known APT groups. These attacks might be extensions of foreign policy directives seeking to punish perceived adversaries or focused on the theft of sensitive information to further domestic interests.


While energy sector firms are spread out across the globe and operate in every country, many are concentrated in the Gulf Cooperation Council (GCC), which includes some of the world’s largest oil and natural gas producers. An uptick in cyber activity targeting GCC countries, including domestic energy firms and their suppliers, often headquartered outside of the GCC, has been observed, but attacks were not limited to the Middle East.

After the massive Colonial Pipeline attack that took place in 2020, multiple sources reported links between REvil groups and DarkSide. In 2018, the U.S. Department of Homeland Security and FBI warned that hacking groups with ties to the Russian government have targeted energy and other critical infrastructure firms in the U.S. While there have been few documented cyber-physical attacks on U.S. energy sector firms, reports from the Department of Homeland Security suggest that “hundreds” of attacks on U.S. electric utilities may have given Russia-linked groups the ability to disrupt the operation of the U.S. grid.


A rarity only a decade ago, attacks targeting energy sector firms are now happening with growing frequency in the Middle East (GCC countries), Europe, and North America. Energy sector cyber attacks often resemble attacks in other sectors; however, a growing number of attacks are targeting operational technology (OT) networks via industrial control and SCADA systems.

Energy sector firms must also worry about cyber criminal groups looking to leverage disruptive malware like ransomware and bots for quick gain, and ideologically motivated hacktivists intent on damaging the firm’s brand and – potentially – its operations.


Download the complete brief, Energy Sector Threat Brief, to learn more about LookingGlass’s findings. Energy sector organizations interested in better understanding their cyber risk, developing mitigations, improving defenses, and supporting their threat hunting efforts should contact LookingGlass.
