Between January and July, multiple incidents have been reported, showing that ransomware attacks on OT environments continue to rise. Because OT systems are deeply interconnected, these attacks have become increasingly effective at disrupting operations both directly and indirectly. At the same time, APT and ransomware groups are exploiting newly discovered vulnerabilities in perimeter devices to gain initial access. Meanwhile, ICS malware has become a matter of growing concern since FrostyGoop emerged in 2024 as the first ICS malware to directly target OT environments.
The threat intelligence research team at TXOne Networks has analyzed these developments and compiled their findings in this publication, which includes:
- An up-to-date overview of the cyber threat landscape as of July 2025, featuring incident data that drives home how the adaptability of threat actors necessitates robust cyber defenses for OT environments in critical infrastructure.
- An in-depth analysis of active ransomware groups and their techniques, with a focus on advanced evasion tactics that are deliberately designed to prolong the time required for analysis.
- An examination of the rising risk of ICS malware, which often evades traditional detection methods. Since newly developed ICS malware lacks clear indicators prior to discovery, defense must rely instead on understanding threat actor TTPs and implementing multi-layered protection mechanisms to mitigate potential impact.