ICS threat update: Xenotime probes the power grid.
The North American Electric Reliability Corporation issued a non-public warning that Xenotime, hitherto seen in the oil and gas sector, has been conducting reconnaissance against electrical utilities (E&E News). The warning is based on research by Dragos, which says the "activity group" behind Trisis/Triton should be taken seriously but not overhyped: so far the evidence suggests reconnaissance, not yet compromise.
Border protection breach.
Photos of tens of thousands of travelers and license plates taken by US Customs and Border Protection (CBP) were stolen from a subcontractor who had collected and stored them without permission, CBP said Monday (TechCrunch). CBP isn't saying who the subcontractor is, but the Washington Post believes it was Perceptics, based on the title of the Word document CBP sent to the Post. Perceptics was hacked last month by "Boris Bullet-Dodger," who dumped hundreds of gigabytes of company files to the dark web (Motherboard). As the Register noted, Perceptics probably handles a lot of sensitive information. It's unclear if the hacks are related, and CBP says it hasn't seen any stolen photos on the dark web (Atlantic).