Darktrace’s Annual Threat Report 2024 revealed that our Threat Research team is conducting industry-specific research. The first of this series looks into the energy sector within the US and UK, analysing Darktrace observed incidents from across the sector, hypotheses-driven threat hunts, open source intelligence and interviews, to identify which APTs and attack vectors are targeting energy organizations, how technology (including AI) has transformed the threat landscape, and how security teams and policy makers are adapting.

Key findings:

• Technological advancement in the sector including IoT adoption, the drive towards net-zero, and IT/OT convergence, is increasing cyber risk.
• Over-dependency on a few vendors and systems, movement towards cloud operations and unmanaged assets across the supply chain increase critical dependencies within the sector.
• Phishing remains a prolific attack vector: From 2022–2024, 55% of the attacks Darktrace saw in the sector originated via email—1 in 5 phishing attempts specifically targeted VIP individuals.
• Vulnerabilities are frequently exploited in the sector: This includes common vulnerabilities and exposures (CVEs), devices without MFA, and internet-exposed IT and OT assets.
• Geopolitical tensions are driving attacks: The report includes new evidence and data showing energy infrastructure in EMEA is facing heightened threat activity, particularly from nation-state actors.
• Increase in OT focused attacks: Darktrace observed an incident on a Canadian energy provider who was targeted via an OT-specific compromise in the SCADA environment.

This paper studies the implications of these changes in discussion with stakeholders, and provides actionable next steps that industry and government can engage with to improve cyber resiliency across the sector. 
‍
With US and UK Critical National Infrastructure under increasing threat, from financially motivated threat actors looking for a quick payout to nation-state actors looking to gather intelligence or position themselves for future attacks, this research paints a clear picture of how the attack surface is shifting—and why security strategies need to evolve to keep up.