"The advisory is not surprising. We have observed nation-state-aligned threat groups targeting publicly exposed operational technology (OT) devices in recent years whenever there's increased geopolitical activity. The most high-profile of these campaigns was the 2023-24 operations carried out by CyberAv3ngers targeting Unitronics devices."
"In the current conflict, we have again observed a significant increase in such activity, such as what CISA recently reported. Industry groups, information sharing organizations, and vendors, including Rockwell, have been urging organizations to disconnect these devices from publicly accessible networks."
"Many of these devices are still online (in the case of Rockwell, more than 3K in North America), either because organizations are unaware they're connected or because they underestimate the risk."
Iran-linked hackers have targeted critical infrastructure organizations, specifically industrial control systems and operational technology. The US government issued a warning about attacks on programmable logic controllers made by Rockwell Automation and other vendors. These attacks have led to operational disruptions and financial losses by tampering with human-machine interfaces and supervisory control systems. Targeted sectors include government services, water, and energy. Experts recommend disconnecting vulnerable devices from public networks to mitigate risks.
Read at SecurityWeek
Unable to calculate read time
Collection
[
|
...
]