Hacktivists Shift Tactics to Critical Infrastructure Attacks
The cybersecurity threat landscape is changing fast. Hacktivist groups target ICS systems more frequently now, moving beyond website defacements and DDoS attacks. Their new focus is industrial control systems, which power vital infrastructure and services.
In the second quarter of 2025, attacks on ICS systems and critical data access made up 31% of hacktivist activities. This marks a rise from 29% in the previous quarter, signaling a more strategic and dangerous direction.
The growing involvement of Russia-linked groups has also transformed the scene. Groups like Z-Pentest are now leading the charge, attacking essential services that directly impact national security and economies.
Z-Pentest and Dark Engine Lead ICS Targeting Efforts
Z-Pentest launched 38 ICS-focused attacks in Q2 2025, up from just 15 in the first quarter. Their efforts have mainly targeted Europe’s energy infrastructure, causing major concern across the continent.
Another rising threat is Dark Engine, also known as the “Infrastructure Destruction Squad.” This group conducted 26 ICS intrusions in Q2 alone, with a sharp increase in June.
One of their most notable attacks involved hijacking a SCADA system that controls a high-temperature furnace in Vietnam. It shows how capable these groups are of causing real-world industrial disruption.
Hackers Use Screenshots and Target SCADA Controls
These hacktivist groups target ICS systems using advanced techniques. Z-Pentest records video footage of their intrusions and posts it online to create fear. Their tactics are not only technical but also psychological.
Dark Engine uses vulnerabilities in human-machine interfaces (HMI) and SCADA systems. They focus on industries like ceramics, cement, and food production. Their success shows deep knowledge of ICS protocols and control environments.
As cyber attackers grow more advanced, protecting critical infrastructure becomes more urgent than ever. Nations and industries must improve their defenses against these targeted, data-driven threats.
