Threat Reports
Threat actor analysis, malware campaigns, and adversary intelligence for OT/ICS environments — 4 reports
Default Credentials, Internet-Exposed PLCs, and the Unsophisticated Actor Problem
CISA's April 2026 joint advisory warns of Iranian-affiliated actors targeting internet-facing PLCs with basic techniques. The Poland energy attack demonstrated the real-world consequences. This analysis covers the threat, affected protocols, and what operators must do now.
Water Sector Cyber Threats 2026 — From Oldsmar to Nation-State Pre-Positioning
Water and wastewater systems face a growing and diverse cyber threat — from opportunistic attacks exploiting internet-exposed HMIs to sophisticated nation-state pre-positioning campaigns. This briefing covers the current threat landscape, attack vectors, and sector-specific defensive priorities.
Volt Typhoon Pre-Positioning in US and UK OT Networks
China-nexus threat actor Volt Typhoon has systematically infiltrated operational technology networks across US and UK critical infrastructure sectors, establishing persistent footholds in energy, water, and communications systems for potential future disruption.
TRITON/TRISIS: The Malware Designed to Kill
TRITON is the only publicly known malware explicitly engineered to disable Safety Instrumented Systems—the last line of defense against industrial catastrophes. An analysis of its architecture, targeting of Schneider Electric Triconex controllers, and what it means for safety system cybersecurity.