El Paso Electric
Breach Analysis

• 2023-11-08

  Incident detected — administrative systems disrupted
• 2023-11-10

  IT systems isolated; forensic review initiated
• 2023-12-01

  Scope determined: 25,000 customers and employees
• 2023-12-20

  Notification letters sent; regulators informed

How they got in

Ransomware targeting administrative IT systems. Operational technology infrastructure reported isolated and unaffected. Initial vector under investigation — phishing or exposed service suspected based on TTPs.

Sentinel / Fortress / Command coverage

Sentinel ($89/ep/mo) — 24/7 SOC + SIEM. Fortress ($109/ep/mo) — Sentinel + EDR management + vulnerability management. Command ($129/ep/mo) — Fortress + vCISO + compliance mapping + IR plan. See full tier comparison →

Regulatory exposure

5-point hardening list

• 1
  Administrative/OT air gap: validate and document separation; verify no lateral path from admin network to SCADA
• 2
  NERC CIP asset categorization: classify all IT/OT assets by BES Cyber System impact level
• 3
  Ransomware resilience: offline backup of all administrative systems; restore-tested quarterly
• 4
  Email security: advanced threat protection with sandbox detonation for all attachments to admin staff
• 5
  Incident response coordination plan: utility-specific playbook with CISA, ERCOT, and PUCT notification chain

• → El Paso Electric regulatory filings
• → CISA Energy Sector Advisories
• → DataBreaches.net

CoreRecon cites verifiable public sources only. No speculation on unverified attribution is published. Threat actor attribution appears only where publicly confirmed by law enforcement or the organization.