// #ot-security
7 articles
The Gentlemen Ransomware Hits Mackay Sugar — Mill Operations Shut Down as OT Systems Disrupted
The Gentlemen ransomware group has claimed an attack on Mackay Sugar, Australia's second-largest sugar producer, causing the shutdown of mill crushing operations during the critical harvest season. The attack disrupted operational technology systems controlling sugar processing at two mills in Queensland, representing a significant escalation of The Gentlemen group's targeting of OT-dependent industrial operations.
Food and Beverage Sector Ransomware: Why Critical Infrastructure Classification Has Not Improved Security Outcomes
The US food and agriculture sector was designated critical infrastructure in 2003. In 2026, ransomware attacks against it are rising 80 per cent year on year. The gap between regulatory classification and actual security maturity reflects structural problems in how cybersecurity investment decisions are made in distributed, margin-sensitive industries.
Eclipse BaSyx ICS Platform: CVE-2026-7411 CVSS 10.0 Path Traversal RCE Threatens Industrial Asset Administration
Two critical vulnerabilities in Eclipse BaSyx V2 — the open-source Industrial Internet of Things Asset Administration Shell implementation used in Industry 4.0 infrastructure — allow an unauthenticated attacker to achieve remote code execution and bypass network segmentation. CVE-2026-7411 (CVSS 10.0) enables arbitrary file write on the BaSyx server; CVE-2026-7412 (CVSS 8.6) enables blind SSRF that can bypass OT network isolation. Patches are available in BaSyx V2 milestone-10.
CISA ICS Advisory: GRASSMARLIN OT Network Visualisation Tool Vulnerability CVE-2026-6807
CISA has issued ICS advisory ICSA-26-118-01 for CVE-2026-6807, a vulnerability in GRASSMARLIN, the NSA-developed open-source network visualisation tool widely used by industrial control system operators and OT security teams to map and analyse operational technology networks. The vulnerability affects teams using GRASSMARLIN for defensive ICS visibility and puts the analyst workstations used for that analysis at risk of compromise.
Lotus Wiper Targets Venezuelan Energy Infrastructure in ICS-Aware Sabotage Campaign
A destructive wiper malware tracked as Lotus Wiper has been deployed against Venezuelan state energy company PDVSA and associated electricity generation infrastructure. Unlike generic wipers, Lotus Wiper includes ICS-aware modules that identify and corrupt engineering workstation configurations, HMI databases, and OT historian data before wiping. The campaign represents the most targeted wiper deployment against Latin American energy infrastructure on record.
SentinelLabs Uncovers Fast16 — NSA-Linked OT Sabotage Malware Active Five Years Before Stuxnet
SentinelLabs has published research identifying Fast16, a Lua-based OT sabotage framework compiled in 2005 that predates Stuxnet and is attributed to a US intelligence-linked operation targeting Iranian high-precision calculation software. The discovery rewrites the timeline of state-sponsored ICS sabotage and provides new technical context for understanding the development of destructive OT malware.
CISA Advisory: TPM 2.0 Out-of-Bounds Read in Siemens SIMATIC Industrial PCs (CVE-2025-2884)
CISA advisory ICSA-26-111-01 covers a TPM 2.0 out-of-bounds read vulnerability in Siemens SIMATIC CN 4100, Field PG M5/M6, and IPC BX series industrial computers. The flaw enables information disclosure or denial of service against the hardware root of trust, with direct implications for Secure Boot integrity and the trusted execution environment of industrial control systems.