Welcome to Viakoo’s daily OT security briefing for June 22, 2026. Today’s roundup highlights critical developments in industrial cybersecurity, from widespread credential-harvesting campaigns to major acquisitions and emerging threats in maritime and water utility sectors. Stay informed to better protect your OT and IoT environments.
Global Agencies Warn of FortiBleed Credential-Harvesting Campaign Targeting Fortinet Firewalls and VPN Gateways
A large-scale credential-harvesting campaign dubbed ‘FortiBleed’ has compromised over 86,644 working login credentials for Fortinet devices across 194 countries. The campaign, attributed to Russian-speaking threat actors, uses automated scanning, brute-force techniques, and credential reuse from prior incidents rather than a new zero-day vulnerability. CISA, the UK’s NCSC, and Australia’s ASD/ACSC have all issued urgent guidance urging organizations to rotate credentials, enforce MFA, and restrict management interface internet exposure.
Source: Industrial Cyber
Iran-Linked Handala Group Targets California Water Service, Exposing IT-OT Convergence Risks
The Iran-linked threat group Handala has claimed responsibility for breaching California Water Service (Cal Water), one of the largest U.S. water utilities serving approximately two million customers. The attackers gained initial access through an open-source GPS correction tool (RTKBase) and pivoted to exfiltrate 5 GB of customer billing data including PII and administrative credentials. While no operational disruption to water treatment systems was confirmed, analysts warn the incident highlights dangerous IT-OT convergence pathways and Handala’s history of escalating from data theft to destructive operations.
Source: Industrial Cyber
Accenture Acquires Majority Stake in Dragos in $4.18 Billion OT Cybersecurity Deal
Accenture has announced a $4.18 billion deal to acquire a majority stake in industrial cybersecurity leader Dragos, along with full acquisitions of asset intelligence firm runZero and firmware visibility company NetRise. The combined platform aims to deliver end-to-end OT security for critical infrastructure operators across power grids, pipelines, manufacturing, and data centers. Together the three companies generate approximately $208 million in annual recurring revenue, representing 53% year-over-year growth, signaling rapid maturation of the OT cybersecurity market.
Source: Industrial Cyber
CISA Issues Multiple ICS Advisories for Rockwell Automation and Mitsubishi Electric Products
CISA published a wave of ICS advisories this week covering critical and high-severity vulnerabilities in Rockwell Automation’s FactoryTalk Historian, CompactLogix and ControlLogix controllers, Flex I/O adapters, RSLinx software, and Mitsubishi Electric’s MELSEC iQ-F Series. The Rockwell FactoryTalk Historian flaws include an authentication bypass and denial-of-service vulnerabilities, while a critical Flex I/O flaw allows unauthenticated attackers to change device web interface passwords. Industrial operators are urged to apply patches immediately and review network segmentation.
Source: SecurityWeek
Anubis Ransomware Attack on Adriatic Port Authority Highlights Maritime Infrastructure Cyber Risks
Resecurity has released detailed threat intelligence on the Anubis ransomware group’s attack on Italy’s Adriatic Port Authority, which disrupted cargo tracking, shipping schedules, and customs processing across the Adriatic region. The attackers demanded $10 million in Bitcoin after encrypting systems and exfiltrating contracts and employee records, demonstrating how IT-focused ransomware attacks can generate significant operational consequences in cyber-physical maritime environments. The incident underscores the growing attractiveness of port authorities as ransomware targets due to expanding digitalization, interconnected logistics platforms, and limited cybersecurity maturity.
Source: Industrial Cyber
Thank you for reading today’s briefing. Stay vigilant and proactive to safeguard your OT and IoT systems against evolving cyber threats.
