Infrastructure Destruction Squad
Intelligence Profile
Dark Engine has emerged as a significant threat actor targeting industrial control systems and SCADA systems in sectors such as metallurgy and food processing. The group has conducted multiple ICS-targeted incidents, with a pronounced operational surge in June 2025. Additionally, Dark Engine is involved in a campaign that embeds fraudulent CAPTCHA prompts into legitimate WordPress sites, utilizing SEO poisoning to harvest login credentials. Reports also indicate a data leak from Dark Engine that exposed sensitive phone data in the U.S.
Threat Analysis
Infrastructure Destruction Squad is a advanced-sophistication threat actor attributed to Russia, engaged in cyber operations with a primary motivation of espionage.
The group's espionage-oriented operations suggest a state-sponsored or state-aligned mandate, typically focused on stealing intellectual property, government secrets, or military intelligence. Targets are usually selected for strategic value rather than financial gain.
Classified as an advanced threat actor, Infrastructure Destruction Squad likely develops or acquires zero-day exploits, employs custom malware toolchains, and demonstrates long-term persistence capabilities — hallmarks of a well-resourced operation consistent with nation-state backing.
Known Campaigns
Infrastructure Destruction Squad is a espionage threat actor attributed to Russia. Dark Engine has emerged as a significant threat actor targeting industrial control systems and SCADA systems in sectors such as metallurgy and food processing. The group has conducted multiple ICS-targeted incidents, with a pronounced operational surge in June 2025. Additionally,...