Dark Web Threats Against The Energy Industry: Building A Threat Model For Energy Companies

Download the report

Our report, Dark Web Threats Against The Energy Industry, uses our proprietary intelligence to demonstrate how energy organizations are being targeted on the dark web.

Focusing in particular on how initial access to energy companies is routinely auctioned on dark web forums, this report combines analysis of threat activity over a year (February 2022 – February 2023) with practical advice on how security teams can use dark web intelligence to build threat models and improve their security.

The report demonstrates that energy companies are routinely discussed on dark web forums – in particular – by threat actors auctioning initial access to remote software, VPNs, and stolen credentials. While they are primarily exploiting corporate infrastructure, Industrial Control Systems and Operational Technology are also in the firing line.

We have therefore combined the reconnaissance we have observed over the past year with insight into how to build threat models based on dark web intelligence –  so that energy organizations can use threat intelligence to fill crucial knowledge gaps and make the right, strategic, operational and tactical decisions.


  • How cybercriminals sell initial access to energy companies on dark web forums – with real examples of posts auctioning vulnerabilities in organizations around the world.
  • What intelligence can be gathered by energy company security teams to determine if they are the organization being targeted – with advice from our threat intelligence analysts.
  • Best practice for building threat models – a process by which potential threats can be identified, enumerated, and prioritized, using the MITRE ATT&CK Enterprise Matrix framework.