The article says Dragos has identified **three new OT threat groups—Azurite, Pyroxene, and Sylvanite—**showing that attacks on industrial systems are becoming more organized and more dangerous. According to the report, these groups are not just scanning networks anymore; they are moving closer to actions that could affect real-world operations. Azurite is described as a group that steals engineering and process data from OT environments, Pyroxene as a group tied to supply-chain intrusion, espionage, and destructive behavior, and Sylvanite as an initial-access actor that quickly exploits internet-facing systems and then hands that access to other attackers. Together, they raise the total number of OT-related groups tracked by Dragos to 26, with 11 active during 2025.

A key message of the article is that industrial cyber threats are becoming more specialized. Instead of one group doing everything, one actor may break in first, another may steal OT-specific information, and another may try to move toward disruption. The piece also highlights ongoing activity by older groups such as Voltzite, Kamacite, Electrum, and Bauxite, including campaigns against utilities, industrial routers, and other critical infrastructure. In simple terms, the article argues that attackers are learning how industrial environments really work, which makes future disruption more plausible unless organizations improve visibility, monitoring, and basic OT security controls.

‍

Source: https://industrialcyber.co/reports/dragos-tracks-three-new-ot-threat-groups-as-industrial-adversaries-move-toward-real-world-disruption/