Suzu Labs has just published “When Grid Data Goes Dark Web,” new research detailing the January 2026 dark web posting of 139 gigabytes of valuable data from a U.S. power infrastructure company. The data lets an adversary identify vulnerable transmission corridors, understand redundancy patterns, and/or map critical interconnection points.
The asking price? 6.5 bitcoin (~$600K US).
The seller explicitly noted the data was “suitable for infrastructure analysis, modeling, risk assessment, or specialized research.”
What the Data Contains
The breach targeted an engineering firm that provides surveying and design services to electric utilities. The stolen files include:
- 800+ LiDAR point cloud files mapping transmission corridors
- High-resolution orthophotos of substations
- MicroStation design files with line configurations
- Vegetation analysis along rights-of-way
Suzu Labs CEO Michael Bell notes:
“For a utility or engineering firm, this is operational data. For an adversary, this is reconnaissance gold. The files map exactly where power lines run, how they’re configured, what vegetation threatens them, and where substations connect to the grid.
“This wasn’t a sophisticated attack on industrial control systems. It wasn’t a supply chain compromise or zero-day exploit. According to public reporting on the same threat actor, the likely access method was testing infostealer-harvested credentials against cloud file-sharing platforms.
“Someone at the company had their browser credentials stolen by commodity malware. Those credentials weren’t protected by MFA. This actor has listed data from 50+ organizations across 15 countries. Aviation. Healthcare. Government. Construction. Critical infrastructure is one target category among many. The common thread is opportunistic access via stolen credentials and absent MFA.”
You can read the research here: https://suzulabs.com/suzu-labs-blog/when-grid-data-goes-dark-web?hs_preview=YduZZtdF-295534203578
This entry was posted on January 16, 2026 at 9:04 am and is filed under Commentary with tags Suzu Labs. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
When Grid Data Goes Dark Web: New research on critical infrastructure targeting Published By Suzu Labs