top of page
man holding laptop in office

IT / OT Security News

Headlines: 2024

October 21, 2024

Russian group’s hack of Texas water system underscores critical OT cyber threats

Cybersecurity threats to water utilities have accelerated in 2024 as Iranian, Chinese, and Russian threat actors increasingly target these critical systems.

October 11, 2024

OpenAI Says Iranian Hackers Used ChatGPT to Plan ICS Attacks

OpenAI has disrupted 20 cyber and influence operations this year, including the activities of Iranian and Chinese state-sponsored hackers.

October 9, 2024

American Water Cyberattack Renews Focus on Protecting Critical Infrastructure

A cyberattack continues to affect the largest regulated water and wastewater utility company in the US, renewing a focus on the importance of protecting critical infrastructure sites.

September 25, 2024

CISA warns of continuing attacks on water systems after Kansas town reports incident

Government-run water systems are still at risk of attack by cybercriminals and nation-states, according to a new advisory from the U.S.’s top cybersecurity agency.

September 24, 2024

Automatic Tank Gauges Used in Critical Infrastructure Plagued by Critical Vulnerabilities

Nearly a decade has passed since the cybersecurity community started warning about automatic tank gauge (ATG) systems being exposed to remote hacker attacks, and critical vulnerabilities continue to be found in these devices.

September 12, 2024

Chinese-made port cranes in US included 'backdoor' modems, House report says

A newly released congressional examination found that China placed various technological backdoors into ship-to-shore cranes that could give access to the machines.

September 11, 2024

Remote Access Sprawl Strains Industrial OT Network Security

A veritable grab bag of tools used to access critical infrastructure networks are wildly insecure, and they're blobbing together to create a widening attack surface.

September 6, 2024

How critical IT-OT security issues can threaten Asia’s race to reindustrialization

Digital transformation progress in Asia Pacific (APAC) has been rapid, reflecting a growing digital native population and increasingly tech-savvy businesses.

September 6, 2024

In Other News: US Army Hacks Buildings, X Hiring Cybersecurity Staff, Bitcoin ATM Scams

Noteworthy stories that might have slipped under the radar: US Special Forces can hack buildings, X is hiring cybersecurity staff, and FTC warns of Bitcoin ATM scams.

August 29, 2024

Old CCTV cameras provide a fresh opportunity for a Mirai botnet variant

A bug in closed-circuit TV cameras is the latest example of a previously unidentified vulnerability that hackers are exploiting in internet-facing devices, adding them to botnets that can be used to disrupt websites with junk traffic.

August 8, 2024

Vulnerabilities Exposed Widely Used Solar Power Systems to Hacking, Disruption

Vulnerabilities found in solar power systems could have been exploited by hackers to cause disruption and possibly blackouts.

August 7, 2024

Switzerland: Cow and calf die after cyberattack

A ransomware attack in Switzerland ends tragically for a cow and her calf.

July 23, 2024

FrostyGoop malware left 600 Ukrainian households without heat this winter

Researchers discovered a new malware variant likely used in an attack this January against an energy company in western Ukraine that left 600 households without heat amid freezing temperatures.

July 5, 2024

Operational technology cyberattacks on the rise: survey

Based on data from a 2023 global survey of more than 550 professionals in the Operational Technology field* about IT and cybersecurity in the 12 months prior to the poll, several key findings were disclosed.

June 12, 2024

CISA Urges Administrators To Review Newly Released Six ICS Advisories

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a call to action for administrators and security professionals to review six newly released Industrial Control Systems (ICS) advisories.

May 21, 2024

EPA Issues Alert After Finding Critical Vulnerabilities in Drinking Water Systems

The US Environmental Protection Agency (EPA) on Monday issued an enforcement alert to outline the measures needed to protect drinking water systems against cyber threats.

May 15, 2024

Flaw in Wi-Fi Standard Can Enable SSID Confusion Attacks

Attackers can exploit the issue to trick users into connecting to insecure networks, but it works only under specific conditions.

May 7, 2024

Colonial Pipeline attack: lessons from the last 3 years

What lessons have the US and Asia Pacific nations learnt from the cyberattack three years ago? What has been done to address such cyber-defense needs? Can more be done?

May 5, 2024

9 recent cyber attacks on the water and wastewater sector

The majority of organisations, of any type, prefer not to publicly report their incidents, so the reality is that more attacks are occurring than we hear about.

May 2, 2024

Russian Hackers Target Industrial Systems in North America, Europe

Government agencies from the United States, Canada and the United Kingdom are providing recommendations to critical infrastructure organizations following a series of attacks launched by apparent pro-Russia hacktivists against industrial control systems (ICS) and other operational technology (OT) systems.

April 23, 2024

Russian hackers target 20 energy facilities in Ukraine amid intense missile strikes

The Kremlin-controlled hacker group Sandworm has targeted nearly 20 energy facilities in Ukraine this spring, possibly to amplify the impact of intense Russian missile and drone strikes on critical infrastructure.

April 18, 2024

FBI says Chinese hackers preparing to attack US infrastructure

Chinese government-linked hackers have burrowed into U.S. critical infrastructure and are waiting "for just the right moment to deal a devastating blow," FBI Director Christopher Wray said on Thursday.

April 17, 2024

Hackers Linked to Russia’s Military Claim Credit for Sabotaging US Water Utilities

Cyber Army of Russia Reborn, a group with ties to the Kremlin’s Sandworm unit, is crossing lines even that notorious cyberwarfare unit wouldn’t dare to.

April 17, 2024

Recent OT and Espionage Attacks Linked to Russia’s Sandworm, Now Named APT44

Google Cloud’s Mandiant on Wednesday published a new report summarizing some of the latest activities of Russia’s notorious Sandworm group, which it has started tracking as APT44.

April 4, 2024

New Phishing Campaign Targets Oil & Gas with Evolved Data-Stealing Malware

An updated version of an information-stealing malware called Rhadamanthys is being used in phishing campaigns targeting the oil and gas sector.

April 3, 2024

Number of Chinese Devices in US Networks Growing Despite Bans

An analysis conducted recently by cybersecurity firm Forescout shows that the number of Chinese-manufactured devices present in US networks has been increasing over the past year, despite efforts to prevent the use of such products due to security concerns.

March 12, 2024

Exploited Building Access System Vulnerability Patched 5 Years After Disclosure

Vulnerabilities affecting a Nice Linear physical access product, including an exploited flaw, patched five years after their disclosure.

March 4, 2024

South Korea says semiconductor industry targeted by cyber-spies from North

North Korean hackers breached at least two South Korean microchip equipment companies in recent months, stealing product design drawings and facility site photos, according to South Korea’s spy agency.

March 4, 2024

Hikvision Patches High-Severity Vulnerability in Security Management System

Chinese video surveillance equipment manufacturer Hikvision has announced patches for two vulnerabilities in its security management system HikCentral Professional.

February 22, 2024

US Government Issues Guidance on Securing Water Systems

The US government on Wednesday released new guidance on the actions that water and wastewater (WWS) sector entities should take to improve the resilience of their networks to cyberattacks.

February 21, 2024

Executive Order on Port Cybersecurity Points to IT/OT Threat Posed by Chinese Cranes

The White House announced on Wednesday that the Biden-Harris administration is issuing an executive order to boost the cybersecurity of US ports, highlighting the risks posed by the use of cranes made by China.

February 13, 2024

German battery maker Varta says five plants hit by cyberattack

German battery maker Varta's (VAR1.DE), opens new tab five production plants were hit by a cyberattack on Feb. 12, the company said late on Tuesday, adding that the extent of the damage had yet to be determined.

February 7, 2024

Chinese hackers hid in US infrastructure network for 5 years

The Chinese Volt Typhoon cyber-espionage group infiltrated a critical infrastructure network in the United States and remained undetected for at least five years before being discovered, according to a joint advisory from CISA, the NSA, the FBI, and partner Five Eyes agencies.

February 2, 2024

US Slaps Sanctions on ‘Dangerous’ Iranian Hackers Linked to Water Utility Hacks

The US government slaps sanctions against six Iranian government officials linked to cyberattacks against Israeli PLC vendor Unitronics.

January 30, 2024

US Disrupted Chinese Hacking Operation Aimed at Critical Infrastructure: Report

The news giant learned from unnamed Western security officials and one person familiar with the matter that the FBI and the Justice Department have been authorized to remotely disable some aspects of a Chinese cyber operation named Volt Typhoon, which has been known to target critical infrastructure.

January 12, 2024

Vulnerability affecting smart thermostats patched by Bosch

German technology manufacturer Bosch fixed a vulnerability affecting a popular line of smart thermostats in October, the company disclosed this week.

January 10, 2024

Dutch Engineer Used Water Pump to Get Billion-Dollar Stuxnet Malware Into Iranian Nuclear Facility: Report

An engineer recruited by intelligence services reportedly used a water pump to deliver Stuxnet, which reportedly cost $1-2 billion to develop.

January 8, 2024

Lebanon Airport Screens Display Anti-Hezbollah Message After Being Hacked

The information display screens at Beirut’s international airport were hacked by domestic anti-Hezbollah groups Sunday, as clashes between the Lebanese militant group and the Israeli military continue to intensify along the border.

January 3, 2024

Firmware prank causes LED curtain in Russia to display ‘Slava Ukraini’ — police arrest apartment owner

The owner of an apartment in Veliky Novgorod in Russia has been arrested for discrediting the country’s armed forces after a neighbor alerted the police to the message ‘Slava Ukraini’ scrolling across their LED curtains.

bottom of page