Transmission lines stand at the American Electric Power Co. (AEP) coal-fired John E. Amos Power Plant at dusk in Winfield, West Virginia, U.S., on Wednesday, July 18, 2018. American Electric Power Co., Duke Energy Corp., and others say they can't recoup money they spent to meet requirements to cut mercury and other air toxics from their facilities and therefore want the Environmental Protection Agency (EPA) to retain the Mercury and Air Toxics Standards (MATS) rule as is.

(Bloomberg) — A group of hackers that shut down a Saudi Arabian oil and natural gas facility in 2017 is now targeting electric utilities, according to the cybersecurity company Dragos Inc.

The group, Xenotime, has been probing utilities in the U.S. and Asia-Pacific regions since late 2018, Hanover, Maryland-based Dragos said in a blog post Friday. They’ve focused mostly on electronic control systems that manage the operations at industrial sites, Dragos said.

U.S. officials have long warned grids are acutely vulnerable to cyber attacks. Disrupting a region’s electrical infrastructure could cause widespread chaos, triggering blackouts and crippling financial markets, transportation systems and more.

“While none of the electric utility targeting events has resulted in a known, successful intrusion into victim organizations to date, the persistent attempts, and expansion in scope is cause for definite concern,” Dragos said in its post.

The blog said the attackers appear to be probing for weaknesses in the U.S power systems — a step to be considered far less serious than an actual attack — and there is so far no evidence of “a known, successful intrusion.”

Xenotime gained notice after a 2017 malware attack on a Saudi Arabian petrochemical facility, Dragos said. The attackers targeted safety systems to cause “loss of life or physical damage,” according to the blog post.

–With assistance from Michael Riley.

To contact the reporter on this story: Will Wade in New York at

To contact the editors responsible for this story: Lynn Doan at, Joe Ryan, Pratish Narayanan