
Energy and utilities cyber threats escalate as ransomware and APT activity rise, Cyfirma reports - Industrial Cyber
industrialcyber.co • Wednesday, February 4, 2026 • United States
New data from Cyfirma's Q1 2026 Energy & Utilities Industry Report reveals a significant escalation in cyber threats targeting the sector. Energy and utilities organizations were involved in 43% of observed advanced persistent threat (APT) campaigns (six out of 14), a sharp rise from 13% in the previous period. Ransomware victim counts in the sector surged by 63.6%, rising from 44 to 72 victims over the last quarter. The majority of activity is attributed to China-linked groups (Stone Panda, Volt Typhoon, APT41, APT27, Hafnium, Earth Estries, Salt Typhoon, MISSION2074), followed by Russian, North Korean (Lazarus Group), and Iranian (Oilrig) actors. Geographic targeting is widespread, with the highest victim concentrations in the U.S., Japan, India, South Korea, and Australia. Recent concrete incidents include a coordinated destructive cyberattack on December 29, 2025, against more than 30 wind, solar, and combined heat and power facilities in Poland using wiper malware. Additionally, Romania's oil pipeline operator Conpet was recently targeted in a cyberattack. Vulnerability disclosures highlight persistent remote code execution risks and a sharp increase in denial-of-service (DoS) vulnerabilities, emphasizing the growing threat to operational technology (OT) and critical infrastructure availability.