• Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
MUST READ

U.S. CISA adds CrushFTP, Google Chromium, and SysAid flaws to its Known Exploited Vulnerabilities catalog

 | 

U.S. CISA urges FCEB agencies to fix two Microsoft SharePoint flaws immediately and added them to its Known Exploited Vulnerabilities catalog

 | 

Sophos fixed two critical Sophos Firewall vulnerabilities

 | 

French Authorities confirm XSS.is admin arrested in Ukraine

 | 

Microsoft linked attacks on SharePoint flaws to China-nexus actors

 | 

Cisco confirms active exploitation of ISE and ISE-PIC flaws

 | 

SharePoint under fire: new ToolShell attacks target enterprises

 | 

CrushFTP zero-day actively exploited at least since July 18

 | 

Hardcoded credentials found in HPE Aruba Instant On Wi-Fi devices

 | 

MuddyWater deploys new DCHSpy variants amid Iran-Israel conflict

 | 

U.S. CISA urges to immediately patch Microsoft SharePoint flaw adding it to its Known Exploited Vulnerabilities catalog

 | 

Microsoft issues emergency patches for SharePoint zero-days exploited in "ToolShell" attacks

 | 

SharePoint zero-day CVE-2025-53770 actively exploited in the wild

 | 

Singapore warns China-linked group UNC3886 targets its critical infrastructure

 | 

U.S. CISA adds Fortinet FortiWeb flaw to its Known Exploited Vulnerabilities catalog

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 54

 | 

Security Affairs newsletter Round 533 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Radiology Associates of Richmond data breach impacts 1.4 million people

 | 

Fortinet FortiWeb flaw CVE-2025-25257 exploited hours after PoC release

 | 

Authorities released free decryptor for Phobos and 8base ransomware

 | 
  • Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
  • Home
  • Breaking News
  • Hacking
  • ICS-SCADA
  • Security
  • MITRE and CISA release Caldera for OT attack emulation

MITRE and CISA release Caldera for OT attack emulation

Pierluigi Paganini September 06, 2023

MITRE and CISA released a Caldera extension for OT that allows the emulation of attacks on operational technology systems.

MITRE Caldera is an open-source adversary emulation platform that helps cybersecurity practitioners to automate security assessments. The tool is built on the MITRE ATT&CK framework, which is a widely-recognized framework for understanding and responding to cyber threats.

“Without further ado, the MITRE Caldera team is proud to announce the release of Caldera™ for OT; a collection of Caldera plugins that provide support for common industrial protocols.” reads the announcement for the product. “The initial release includes support for BACnet, Modbus, and DNP3 protocols.”

Caldera can be used to automate a variety of security assessments, including:

  • Red teaming: This is a simulated attack on an organization’s systems and networks to identify and assess vulnerabilities.
  • Blue teaming: This is the process of defending an organization’s systems and networks from attack.
  • Purple teaming: This is a collaborative approach to security that brings together red and blue teams to work together to improve an organization’s security posture.

MITRE and CISA have announced the availability of Caldera for OT, a new extension, to allow security teams to emulate attacks targeting operational technology systems.

“A collection of plugins that extend Caldera to the Operational Technology (OT) environment.” reads the description of the plugin published on GitHub. “This repository contains all the Caldera for OT plugins as git submodules. As described in each individual plugin README, it is also possible to git clone a specific protocol plugin directly into the Caldera plugins directory, following the “Installation” guidance.”

Caldera for OT extension was developed in collaboration with the Homeland Security Systems Engineering and Development Institute (HSSEDI) and CISA.

HSSEDI and CISA collaborated on automated adversary emulation simulations conducted at the CISA’s Control Environment Laboratory Resource (CELR).

“The Control Environment Laboratory Resource (CELR) is an environment for government and private industry partners to experience the possible effects of kinetic cyber-physical attacks. CELR allows users to perform security research on industrial control systems (ICS) and supervisory control and data acquisition (SCADA) systems. CELR is a test range that uses multiple platforms capable of hosting simulated risk scenarios against real critical infrastructure (CI) processes.” 

“Protecting our nation’s critical infrastructure is essential. With Caldera for OT, we are pleased to partner with CISA to help defenders of operational technology exercise and improve the defenses of these critical systems,” said Yosry Barsoum, vice president and director, Center for Securing the Homeland at MITRE.

“Continued cyber threats to OT systems require a concerted focus on supporting the critical infrastructure community with actionable tools and resources,” said Eric Goldstein, executive assistant director for cybersecurity at CISA. “Through our ongoing collaboration with HSSEDI, we are leveraging our collective expertise and resources to develop innovative measures that safeguard critical systems. Caldera for OT, as well as CELR, can help critical infrastructure owners and operators protect their systems against emerging threats.”

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, MITRE)


facebook linkedin twitter

CISA Hacking hacking news information security news IT Information Security MITRE OT Pierluigi Paganini Security Affairs Security News

you might also like

Pierluigi Paganini July 24, 2025
U.S. CISA adds CrushFTP, Google Chromium, and SysAid flaws to its Known Exploited Vulnerabilities catalog
Read more
Pierluigi Paganini July 23, 2025
U.S. CISA urges FCEB agencies to fix two Microsoft SharePoint flaws immediately and added them to its Known Exploited Vulnerabilities catalog
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

    recent articles

    U.S. CISA adds CrushFTP, Google Chromium, and SysAid flaws to its Known Exploited Vulnerabilities catalog

    Hacking / July 24, 2025

    U.S. CISA urges FCEB agencies to fix two Microsoft SharePoint flaws immediately and added them to its Known Exploited Vulnerabilities catalog

    Hacking / July 23, 2025

    Sophos fixed two critical Sophos Firewall vulnerabilities

    Security / July 23, 2025

    French Authorities confirm XSS.is admin arrested in Ukraine

    Cyber Crime / July 23, 2025

    Microsoft linked attacks on SharePoint flaws to China-nexus actors

    APT / July 23, 2025

    To contact me write an email to:

    Pierluigi Paganini :
    pierluigi.paganini@securityaffairs.co

    LEARN MORE

    QUICK LINKS

    • Home
    • Cyber Crime
    • Cyber warfare
    • APT
    • Data Breach
    • Deep Web
    • Digital ID
    • Hacking
    • Hacktivism
    • Intelligence
    • Internet of Things
    • Laws and regulations
    • Malware
    • Mobile
    • Reports
    • Security
    • Social Networks
    • Terrorism
    • ICS-SCADA
    • POLICIES
    • Contact me

    Copyright@securityaffairs 2024

    We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
    Cookie SettingsAccept All
    Manage consent

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities...
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    Non-necessary
    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
    SAVE & ACCEPT