ICS-SCADA Archives - Page 2 of 7

Pierluigi Paganini April 15, 2024

Ukrainian Blackjack group used ICS malware Fuxnet against Russian targets

The Ukrainian hacking group Blackjack used a destructive ICS malware dubbed Fuxnet in attacks against Russian infrastructure. Industrial and enterprise IoT cybersecurity firm Claroty reported that the Ukrainian Blackjack hacking group claims to have damaged emergency detection and response capabilities in Moscow and beyond the Russian capital using a destructive ICS malware dubbed Fuxnet. The […]

Pierluigi Paganini December 09, 2023

Hacktivists hacked an Irish water utility and interrupted the water supply

Threat actors launched a cyberattack on an Irish water utility causing the interruption of the power supply for two days. Threat actors hacked a small water utility in Ireland and interrupted the water supply for two days. The victim of the attack is a private group water utility in the Erris area, the incident impacted […]

Pierluigi Paganini November 09, 2023

Russian Sandworm disrupts power in Ukraine with a new OT attack

Mandiant reported that Russia-linked Sandworm APT used a novel OT attack to cause power outages during mass missile strikes on Ukraine. Mandiant researchers reported that Russia-linked APT group Sandworm employed new operational technology (OT) attacks that caused power outages while the Russian army was conducting mass missile strikes on critical infrastructure in Ukraine in October. […]

Pierluigi Paganini November 07, 2023

Pro-Palestinian hackers group ‘Soldiers of Solomon’ disrupted the production cycle of the biggest flour production plant in Israel

Pro-Palestinian hackers group ‘Soldiers of Solomon’ claims to have hacked one of the largest Israeli flour plants causing severe damage to the operations. The Pro-Palestinian hackers group ‘Soldiers of Solomon’ announced that it had breached the infrastructure of the production plant of Flour Mills Ltd, a multinational company engaged in the processing and marketing of […]

Pierluigi Paganini October 17, 2023

Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers

Russia-linked APT group Sandworm has hacked eleven telecommunication service providers in Ukraine between May and September 2023. The Russia-linked APT group Sandworm (UAC-0165) has compromised eleven telecommunication service providers in Ukraine between May and September 2023, reported the Ukraine’s Computer Emergency Response Team (CERT-UA). According to public sources, the threat actors targeted ICS of at […]

Pierluigi Paganini October 10, 2023

Hacktivists in Palestine and Israel after SCADA and other industrial control systems

Both pro-Israeli and pro-Palestinian hacktivists have joined the fight and are targeting SCADA and ICS systems. Both pro-Israeli and pro-Palestinian hacktivists have joined the fight in the cyber realm. Industrial control systems (ICS) seem to be one of the most lucrative targets for them, and there are hundreds exposed. After Hamas gunmen killed hundreds of […]

Pierluigi Paganini September 13, 2023

Redfly group infiltrated an Asian national grid as long as six months

A threat actor tracked as Redfly had infected the systems at a national grid located in an unnamed Asian country for six months starting in January. Symantec’s Threat Hunter Team discovered that a threat actor called Redfly used the ShadowPad backdoor to compromise a national grid in an Asian country for as long as six months earlier […]

Pierluigi Paganini September 06, 2023

MITRE and CISA release Caldera for OT attack emulation

MITRE and CISA released a Caldera extension for OT that allows the emulation of attacks on operational technology systems. MITRE Caldera is an open-source adversary emulation platform that helps cybersecurity practitioners to automate security assessments. The tool is built on the MITRE ATT&CK framework, which is a widely-recognized framework for understanding and responding to cyber […]

Pierluigi Paganini August 13, 2023

Multiple flaws in CODESYS V3 SDK could lead to RCE or DoS

16 vulnerabilities in Codesys products could result in remote code execution and DoS attacks exposing OT environments to hacking. Microsoft Threat Intelligence researchers discovered 16 high-severity vulnerabilities, collectively tracked as CoDe16, in the CODESYS V3 software development kit (SDK). An attacker can trigger the flaw to gain remote code execution and conduct denial-of-service attacks under specific conditions, […]

Pierluigi Paganini July 14, 2023

US CISA warns of Rockwell Automation ControlLogix flaws

The U.S. CISA warns of two flaws impacting Rockwell Automation ControlLogix that can lead to remote code execution and DoS attacks. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of two vulnerabilities affecting Rockwell Automation ControlLogix EtherNet/IP (ENIP) communication module models that could be exploited to achieve remote code execution and trigger a […]

ICS-SCADA

Ukrainian Blackjack group used ICS malware Fuxnet against Russian targets

Hacktivists hacked an Irish water utility and interrupted the water supply

Russian Sandworm disrupts power in Ukraine with a new OT attack

Pro-Palestinian hackers group ‘Soldiers of Solomon’ disrupted the production cycle of the biggest flour production plant in Israel

Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers

Hacktivists in Palestine and Israel after SCADA and other industrial control systems

Redfly group infiltrated an Asian national grid as long as six months

MITRE and CISA release Caldera for OT attack emulation

Multiple flaws in CODESYS V3 SDK could lead to RCE or DoS

US CISA warns of Rockwell Automation ControlLogix flaws

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

200 Swedish municipalities impacted by a major cyberattack on IT provider

TransUnion discloses a data breach impacting over 4.4 million customers

NSA, NCSC, and allies detailed TTPs associated with Chinese APT actors targeting critical infrastructure Orgs

UNC6395 targets Salesloft in Drift OAuth token theft campaign

Over 28,000 Citrix instances remain exposed to critical RCE flaw CVE-2025-7775

QUICK LINKS

ICS-SCADA

newsletter

Subscribe to my email list and stay up-to-date!

recent articles

Subscribe to my email list and stay
up-to-date!