• Dragos 9th Annual Report reveals three new OT/ICS threat groups active in 2025. • Sylvanite rapidly weaponizes n‑day vulnerabilities, enabling Voltzite to infiltrate critical infrastructure. • Sylvanite exploits Ivanti VPN flaws within 48 hours, installs web shells on F5 appliances. • Targets span power, oil & gas, water, manufacturing, and public administration worldwide. • Azurite linked to Chinese threat groups, steals operational data from manufacturing, automotive, defense. • Attribution remains difficult; overlapping activity does not confirm single entity.
Article Summaries:
- Three new threat groups started targeting industrial control systems (ICS) and other operational technology (OT) in 2025, according to a new report from cybersecurity company Dragos. The security firm’s 9th annual Year in Review OT/ICS Cybersecurity Report shows that of the total of 26 threat groups tracked by Dragos, 11 were active in 2025. Three of them are newly added to the list: Sylvanite, Azurite, and Pyroxene. Sylvanite appears to act as a “rapid exploitation broker” that enables the group named Voltzite to access critical infrastructure. Voltzite is known for gaining long-term access t
Sources: