Raspite

RASPITE is a threat actor that focuses on initial access operations within the electric utility sector and targets entities across the US, Middle East, Europe, and East Asia. Although they have not demonstrated an ICS-specific capability to date, their recent targeting focus and methodology are clear indicators of necessary activity for potential ICS events in the future. RASPITE leverages strategic website compromise to gain initial access to target networks and deploys install scripts for a malicious service to beacon back to their controlled infrastructure, allowing remote access to victim machines. RASPITE's activity overlaps significantly with Symantec's LEAFMINER, which recently released a report on the group's activity in the Middle East. While RASPITE has not yet demonstrated an ICS capability, their targeting and methodology suggest that they may be preparing the way for later potential ICS events. Therefore, it is important for entities in the electric utility sector to be aware of this threat actor and to take appropriate measures to secure their IT networks against potential attacks. Overall, RASPITE represents a significant threat to entities within the electric utility sector. Their focus on initial access operations and broad targeting across multiple regions highlights the need for heightened awareness and proactive security measures. Entities should work to identify and remediate vulnerabilities in their systems, deploy effective threat detection and response capabilities, and stay informed about emerging threats from actors like RASPITE.