// #ot

4 articles

🌐 Network

Iranian-Affiliated Hackers Target US Water, Energy and Government Facilities via Internet-Exposed PLCs

A joint advisory from CISA, FBI, NSA, and the Department of Energy warns that Iranian-affiliated APT actors have been compromising internet-facing programmable logic controllers at water utilities, energy facilities and local government sites since at least March 2026. Operators should treat any internet-exposed OT device as potentially compromised and implement immediate network isolation.

#ics +7

🛡️ SecOps

CISA Publishes Dual ICS Advisories Covering Critical Flaws in Rockwell and Siemens OT Products

CISA released two industrial control system advisories on 31 March — ICSA-26-090-01 and ICSA-26-090-02 — covering critical and high-severity vulnerabilities in Rockwell Automation ControlLogix and Siemens SIMATIC S7 products. The advisories follow a pattern of stepped-up CISA ICS disclosure activity in March and arrive against a backdrop of active Iranian-affiliated targeting of operational technology environments.

#ics +7

🏛️ Architecture

German Police Physically Visit Companies to Warn of Critical PTC Windchill RCE — No Patch Available

A critical unauthenticated remote code execution vulnerability in PTC Windchill and FlexPLM — industrial PLM software used across manufacturing, aerospace, and defence — prompted German federal and state police to physically dispatch officers to affected companies on the weekend of 27 March. No patch was available at time of the emergency response. PTC has provided a temporary workaround via Apache/IIS rule modification while developing a permanent fix.

#ptc +11

🛡️ SecOps

UAC-0255 Impersonates CERT-UA to Target Ukrainian Government, Healthcare, and Finance

Russian-linked threat actor UAC-0255 launched a targeted phishing campaign on 26–27 March posing as CERT-UA, Ukraine's national computer emergency response team, to deliver malware to state organisations, medical centres, financial institutions, and software development companies. The campaign uses CERT-UA brand authority to lower recipient suspicion of archive attachments containing remote access implants.

#ukraine +9