Post

Dragos sounds alarm over cyberattacks targeting distributed energy and industrial microgrids

Posted
By ictsec.pl
1 min read

Industrial cybersecurity company Dragos identified that distributed energy resources (DERs) and microgrids are transforming how power is generated and consumed across industries. Electric utilities are integrating solar, wind, and storage at scale. Manufacturers, oil and gas operators, and data centers are adopting on-site microgrids to cut costs and ensure uptime. This shift expands resilience, but it also expands the cyber attack surface.

“Adversary groups from VOLTZITE to botnet and ransomware operators are already targeting DER and microgrid assets,” Scott Bear wrote in a company blog post last week. “Common weaknesses, such as internet-exposed controllers, insecure vendor remote access, and unmonitored industrial protocols, provide multiple paths for disruption.”

Bear further identified several recurring conditions that make DER and microgrids attractive targets for cyberattacks. Renewable assets are geographically distributed and often lack adequate physical or cyber protection. Remote access through vendor and OEM portals, while essential for support, introduces third-party risk when left unsecured. Firmware vulnerabilities also pose a significant concern, as malicious updates can disable devices or implant persistent threats, with limited mechanisms available to verify firmware integrity.

Many DER devices continue to operate with legacy configurations, including default credentials, outdated firmware, plaintext credential transmission, and unencrypted communications. Protocol dependence adds another layer of risk, as standards such as IEC 61850, DNP3, and Modbus, though vital for system integration, can be exploited for unauthorized shutdowns or misconfigurations. Shared ownership further complicates security, since residential and commercial DERs that operate outside of utility control can still affect grid stability, particularly during high-demand periods. These vulnerabilities align closely with adversary tactics observed in real-world attacks, enabling persistence, disruption, and data theft when exploited.

To read the complete article see: Dragos sounds alarm over cyberattacks targeting distributed energy and industrial microgrids

Apply for our next conference in Kuala Lumpur on December 9th and 10th, 2025 at Rise Malaysia

INFRASTRUCTURE
CYBERSECURITY ENERGY MICROGRIDS CYBERATTACKS
This post is licensed under CC BY 4.0 by the author.