Daily OT Security News: April 19, 2026

Today’s OT security landscape underscores escalating threats from nation-state actors targeting critical infrastructure, alongside rapid advances in AI integration within operational environments. New government initiatives aim to bolster defense capabilities, while reports highlight increasing IoT vulnerabilities and sophisticated botnet activity disrupting interconnected systems.

Iranian-Linked Hackers Exploit Internet-Exposed PLCs in U.S. Water and Energy Sectors

U.S. federal cybersecurity agencies issued advisory AA26-097A warning that Iranian-affiliated hackers are actively exploiting publicly accessible programmable logic controllers (PLCs) across American critical infrastructure. Attackers use standard engineering tools to infiltrate and manipulate ladder logic, causing operational disruptions and financial losses by feeding false data to control systems.

Source: Intelligent Living

U.S. Air Force Establishes CROCS to Focus Exclusively on OT Cybersecurity

The Air Force has become the first U.S. military branch to create a dedicated OT cybersecurity office, the Cyber Resiliency Office for Control Systems (CROCS), which achieved initial operating capability in 2024. CROCS coordinates with U.S. Cyber Command to defend OT systems, integrates OT security funding into the Department of Defense’s planning, and develops a specialized cyber workforce pipeline amid growing nation-state threats.

Source: OT Today

2026 SonicWall Cyber Protect Report Reveals 11% Surge in IoT Attacks

SonicWall’s 2026 Cyber Protect Report details a significant rise in IoT-targeted attacks, with an 11% increase to 610 million hits in 2025. High- and medium-severity attacks rose by 20.8%, fueled by automated bots that now generate over 36,000 vulnerability scans per second, while ransomware increasingly impacts small and medium-sized businesses, representing 88% of breaches.

Source: Channel Impact

Industrial Cybersecurity Buyers’ Guide 2026 Highlights AI Integration and Persistent OT Threats

The 2026 Industrial Cybersecurity Buyers’ Guide formally incorporates AI, large language models, and agentic security technologies within OT environments for the first time. It notes a shift from disruption-focused attacks to adversaries maintaining persistent footholds, with AI increasingly influencing operational workflows faster than governance frameworks can adapt across critical sectors including manufacturing and energy.

Source: Industrial Cyber

New Nexcorium Mirai Variant Exploits TBK DVR Vulnerabilities to Build IoT Botnet

The Nexcorium Mirai botnet variant is actively exploiting known vulnerabilities and weak credentials in TBK DVR devices commonly used in surveillance systems. Compromised devices are conscripted into large-scale DDoS attacks, illustrating the ongoing evolution of IoT botnets targeting OT-adjacent infrastructure and emphasizing the need for improved IoT device security practices.

Source: Security Affairs
