In 2025, three new threat groups—Sylvanite, Azurite, and Pyroxene—began targeting industrial control systems (ICS) and operational technology (OT), according to a report from cybersecurity company Dragos. Sylvanite functions as an “exploitation broker,” facilitating access for another group, Voltzite, known for targeting critical infrastructure like the US electric grid. Azurite has been linked to various organizations, primarily stealing operational data from sectors including manufacturing and government, while Pyroxene specializes in cross-domain access and has utilized social engineering tactics. The emergence of these groups reflects a trend where threat actors are increasingly focused on long-term data exfiltration and preparing for potential disruptions, amid ongoing geopolitical tensions involving nations like China, Iran, and Russia.
Dragos reports three new threat groups target industrial control systems in 2025
