Cybercrook claims to be selling infrastructure info about three major US utilities

Summary

A criminal claims to have breached Pickett USA, a Florida-based engineering firm, and is offering roughly 139 GB of allegedly stolen engineering data for 6.5 bitcoin (about $585,000). The files are said to concern active projects for Tampa Electric Company, Duke Energy Florida and American Electric Power.

The dataset the crook advertises reportedly includes 800+ raw LiDAR point-cloud files (.las), orthophotos (.ecw), MicroStation design files, vegetation feature files (.xyz) and full transmission-corridor and substation coverage — material the seller describes as suitable for infrastructure analysis and risk assessment. Four sample files were offered as proof.

Pickett USA declined to comment; Duke Energy says it is investigating; the other utilities did not respond. The same actor is also offering an alleged Enerparc AG internal database containing solar-project details in Spain.

Key Points

  • Seller claims to be offering ~139 GB of engineering data from Pickett USA for 6.5 BTC (~$585k).
  • Alleged contents include 800+ LiDAR .las files, high-resolution orthophotos, MicroStation files and vegetation feature data covering transmission corridors and substations.
  • Named utilities allegedly affected: Tampa Electric Company, Duke Energy Florida and American Electric Power; Duke is investigating the claim.
  • Pickett USA provides transmission/distribution design, surveying, aerial mapping and LiDAR services to utilities and mining clients.
  • The same threat actor is reportedly selling an alleged internal database from Germany’s Enerparc AG containing solar-project details.
  • Incidents like this underline a rising trend of criminals and nation-state actors targeting critical infrastructure and OT environments.

Why should I read this?

Because if you care about keeping the lights on (and who doesn’t?), this is the sort of mess that can make life very awkward for utilities and customers. The piece gives you the who, what and why — quick and dirty — so you know the scale, the claimed data types, and which companies are named without wading through the dark web yourself.

Context and relevance

This story sits squarely in the broader trend of increasing attacks on critical infrastructure. Engineering and mapping files (LiDAR, orthophotos, design files) can materially aid attackers planning disruptive operations against power networks or preparing physical attacks. Recent warnings from security teams and government agencies — and previous campaigns attributed to state-backed groups and financially motivated gangs — make such alleged leaks particularly concerning.

For security teams, OT owners and regulators, the article is a reminder to harden supply-chain partners and contractors (like engineering firms), because compromised third parties can expose detailed operational geometry and project plans that attackers can exploit.

Author style

Punchy — the write-up highlights the seriousness without overcooking the drama. If you’re responsible for infrastructure security, read the details; they matter. If you’re a general reader, consider this a helpful heads-up about an ongoing threat vector.

Source

Source: https://go.theregister.com/feed/www.theregister.com/2026/01/02/critical_utility_files_for_sale/