Threat Groups Target Cyber-Physical Systems to Disrupt Critical Infrastructure Providers
Why It Matters
Disruption of industrial control systems threatens national security, supply chains and economic stability, prompting regulators and firms to prioritize OT hardening.
Key Takeaways
- Threat groups exploit internet‑exposed OT devices.
- Two‑thirds of attacks target SCADA/HMI systems.
- Attacks often require no software vulnerabilities.
- Iran‑Russia conflict fuels geopolitical cyber‑physical threats.
- Stryker breach halted manufacturing, highlighting supply‑chain risk.
Pulse Analysis
The convergence of IT and operational technology has expanded the attack surface for industrial organizations. Claroty’s analysis of more than 200 incidents shows that adversaries are bypassing traditional vulnerability‑based defenses by targeting internet‑facing human‑machine interfaces, SCADA consoles and legacy PLCs that often ship with default passwords or lack authentication. By leveraging insecure‑by‑design protocols such as Modbus, OPC-UA and VNC, threat actors can establish remote sessions without exploiting software bugs, turning misconfiguration into a weapon that directly manipulates physical processes. These weaknesses make industrial environments prime targets for rapid, high‑impact disruption.
The ongoing Iran‑Russia conflict has turned cyber‑physical sabotage into a tool of geopolitical coercion. Pro‑Russia collectives and Iran‑aligned hacktivists have been observed probing water‑treatment, food‑production and energy facilities across the United States and allied nations, often citing retaliation for Western policies. CISA’s December advisory warned of VNC‑based intrusions, while sector ISACs such as the Food and Agriculture‑ISAC have issued alerts highlighting a surge in credential‑theft campaigns. These developments underscore how state‑backed motives amplify the frequency and sophistication of OT attacks, blurring the line between cybercrime and warfare.
For operators, the report signals an urgent need to treat OT assets as critical infrastructure rather than an afterthought. Deploying network segmentation, enforcing strong credential policies, and continuously monitoring protocol traffic can close the “no‑vulnerabilities‑needed” gap exploited by attackers. Vendors are also racing to embed zero‑trust principles into PLC firmware and to provide secure remote‑access gateways. As regulators tighten reporting requirements, organizations that invest early in comprehensive OT risk management will not only reduce downtime but also protect supply‑chain continuity and national economic resilience.
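As an added illustration of the "continuously monitoring protocol traffic" control described above (example code written for this page, not Claroty's or the report's own tooling): a small Python checker that parses Modbus/TCP requests and flags state-changing function codes sent from hosts outside an assumed allowlist of engineering and HMI stations. The IP addresses and frames are constructed sample data.

```python
import struct
from dataclasses import dataclass

# Modbus function codes that change PLC state (write coils / registers).
WRITE_FUNCTION_CODES = {5, 6, 15, 16, 23}

# Hypothetical allowlist: only the engineering workstation and the SCADA/HMI
# server are expected to issue write commands to PLCs on this segment.
ALLOWED_WRITERS = {"10.1.0.10", "10.1.0.11"}

@dataclass
class ModbusAlert:
    src_ip: str
    unit_id: int
    function_code: int
    reason: str

def parse_mbap(frame: bytes):
    """Parse the 7-byte MBAP header; return (transaction id, unit id, function code, pdu)."""
    if len(frame) < 8:
        raise ValueError("frame too short for MBAP header plus function code")
    tid, pid, length, unit_id = struct.unpack(">HHHB", frame[:7])
    if pid != 0:
        raise ValueError(f"unexpected Modbus protocol id {pid}")
    if length != len(frame) - 6:  # length counts unit id + PDU bytes
        raise ValueError("MBAP length field does not match frame length")
    return tid, unit_id, frame[7], frame[8:]

def inspect(src_ip: str, frame: bytes):
    """Return a ModbusAlert for a write request from a non-allowlisted host, else None."""
    _tid, unit_id, fc, _pdu = parse_mbap(frame)
    if fc not in WRITE_FUNCTION_CODES or src_ip in ALLOWED_WRITERS:
        return None
    return ModbusAlert(src_ip, unit_id, fc, f"write FC {fc} from non-allowlisted host")

# Constructed sample traffic: (source IP, raw Modbus/TCP request bytes).
SAMPLE_TRAFFIC = [
    # FC 3 (read holding registers) from an unknown host: read-only, no alert.
    ("192.0.2.50", bytes.fromhex("0001 0000 0006 01 03 0000 000a")),
    # FC 6 (write single register) from the HMI server: allowlisted, no alert.
    ("10.1.0.11", bytes.fromhex("0002 0000 0006 01 06 0010 00ff")),
    # FC 5 (write single coil ON) from an outside address: alert.
    ("203.0.113.7", bytes.fromhex("0003 0000 0006 01 05 0001 ff00")),
]

def run(traffic=SAMPLE_TRAFFIC):
    """Inspect every request and return the list of alerts raised."""
    return [a for src, frame in traffic if (a := inspect(src, frame))]
```

In practice the frames would come from a span port or a protocol-aware IDS feed, and the allowlist from the asset inventory; the check itself is the same.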