Category Archive
Operational Technology (OT)
18 reports · All intelligence
Bulwark Black cyber threat intelligence filed under Operational Technology (OT).
NUT upsmon Command Injection Shows UPS Monitoring Belongs in the Patch Queue
CVE-2026-54161 in Network UPS Tools upsmon shows why UPS monitoring, notification scripts, and power-infrastructure control paths need patching, segmentation, and process monitoring.
Water Systems Are Becoming Nation-State Pressure Points
Nation-state targeting of water systems shows why exposed OT, weak credentials, remote access, and poor IT/OT segmentation remain practical business risks—not just utility-sector problems.
CL-STA-1062 Shows Critical Infrastructure Intrusions Still Start With Web Shells
Unit 42’s CL-STA-1062 report shows why defenders should focus on exposed web apps, web shells, tunneling tools, scheduled-task persistence, and egress visibility — not just the TinyRCT malware name.
Operation Escaneo Shows Latin America’s Edge Devices Are Prime Intrusion Targets
Operation Escaneo shows how financially motivated actors are turning exposed edge devices, tunnels, and privileged service accounts into full intrusion chains across Latin American government and critical infrastructure targets.
Handala’s Cal Water Claim Shows OT Defense Starts With Segmentation
Handala’s California Water Service claim is a reminder that critical-infrastructure defense starts with proving separation between billing systems, telemetry platforms, and operational technology.
Fuel Tank Gauge Attacks Show Why Small OT Still Needs Internet Exposure Control
Federal agencies warn that attackers are compromising internet-exposed automatic tank gauge systems. The lesson for SMBs, fuel operators, farms, logistics firms, and gov contractors is simple: small OT is still operational infrastructure.
Cl0p’s South Staffs Water Case Shows SOC Coverage Must Be Proven
The South Staffordshire Water breach shows why outsourced SOC coverage, legacy server risk, and vulnerability management must be proven—not assumed—for SMBs, utilities, and government contractors.
Iranian Threat Actors Target Hikvision and Dahua IP Cameras for Kinetic Strike Coordination
As Iran-Israel-US military operations escalate in the Middle East, Check Point Research and Tenable have identified a significant surge in Iranian threat actors targeting IP cameras manufactured by Hikvision and Dahua. The activity, which began spiking on February 28, 2026, coinc
60+ Pro-Iranian Hacktivist Groups Activate AI-Enabled ICS Attacks Following US-Israel Strikes
In the largest single-event activation of Iranian-aligned cyber actors ever documented, more than 60 pro-Iranian hacktivist groups became active on Telegram within hours of the February 28 US-Israel military strikes on Iran. Armed with AI tools and targeting over 40,000 internet-
Russian Cyberattacks Shift to Intelligence Gathering for Missile Strike Guidance on Ukraine Power Grid
Russian cyberattacks targeting Ukraine’s energy infrastructure have shifted focus from immediate disruption to intelligence gathering for guiding missile strikes, Ukrainian cybersecurity officials revealed at the Kyiv International Cyber Resilience Forum. Strategic Shift in Attac
Qilin Ransomware Hits Romania’s National Oil Pipeline Operator Conpet, Claims Nearly 1 TB Data Theft
Romania’s national oil pipeline operator Conpet has confirmed a cyberattack disrupted parts of its technology infrastructure and knocked its website offline earlier this week. The company operates approximately 3,800 kilometers (2,360 miles) of pipelines supplying domestic and im
Iconics Suite SCADA Vulnerability Enables Denial-of-Service Through Privileged File Operations
CVE-2025-0921 in Iconics Suite SCADA allows attackers to exploit privileged file operations to corrupt critical system binaries and crash Windows systems through symbolic link attacks.
Global Energy Systems Exposed: Widespread Cybersecurity Gaps Found in Power Grid OT Networks
A global study by OMICRON reveals critical cybersecurity weaknesses in power grid OT networks, including unpatched devices, weak segmentation, and asset blind spots that leave critical infrastructure vulnerable to attack.
CVE-2026-24061: 11-Year-Old GNU Telnetd Vulnerability Grants Instant Root Access
CVE-2026-24061 is a critical 11-year-old vulnerability in GNU InetUtils telnetd that allows unauthenticated attackers to gain instant root shell access. With a CVSS score of 9.8 and active exploitation confirmed, this flaw affects over 200,000 devices running Telnet servers globa
Poland Thwarts Russian Wiper Malware Attack on Power Plants
Source: Hackread | Author: Deeba Ahmed Poland has narrowly avoided a massive energy crisis following what officials are calling the largest cyberattack on the country in years. Between 29 and 30 December 2025, hackers attempted to break into the nation’s energy infrastructure, sp