Daily OT Security News: June 27, 2026

The OT/ICS/IoT threat landscape on June 27, 2026 reflects a convergence of escalating nation-state aggression against industrial targets, critical gaps in cyber insurance coverage for physical damage, and renewed regulatory momentum around IoT product security. Today’s briefing covers a Russian-attributed manufacturing shutdown at Jaguar Land Rover with a $2.5 billion economic impact, a Chinese APT campaign targeting Southeast Asian energy infrastructure with sophisticated custom malware, a newly disclosed vulnerability in widely deployed Reolink home hub devices, a stark warning about Asia-Pacific’s uninsured OT cyber exposure, and updated federal IoT security guidelines from NIST now open for public comment. Security practitioners and executives should pay particular attention to the growing convergence of cyber and physical risk—and the insurance blind spots that leave critical infrastructure operators exposed.

NIST Releases SP 800-213 Revision 1 for Public Comment, Expanding IoT Product Security Requirements

NIST has published an initial public draft of Special Publication 800-213 Revision 1, titled “IoT Product Cybersecurity Guidelines for the Federal Government: Establishing IoT Product Cybersecurity Requirements,” open for comment through August 24, 2026. The revision broadens scope from individual “devices” to holistic “IoT products” and integrates NIST IR 8259r1 to address full manufacturer lifecycle obligations, including post-market support, vulnerability management, and end-of-life communication requirements. Federal agencies will be required to use the NIST IoT core baseline (SP 800-213A) as minimum cybersecurity standards in procurement decisions. The update implements mandates from the IoT Cybersecurity Improvement Act of 2020 and Executive Order 14028, signaling tighter federal procurement controls for connected devices across government infrastructure.

Source: SC World

Nozomi Networks Discloses Critical Weak Credential Vulnerability in Reolink Home Hub Devices

Nozomi Networks Labs has disclosed CVE-2026-57473, a CWE-1391 (Use of Weak Credentials) vulnerability affecting the netclient and factory services of Reolink Home Hub devices running firmware versions prior to v3.3.0.456_26031911. An adjacent network attacker can intercept traffic and brute-force credentials associated with connected cameras, with the vulnerability carrying a CVSS 4.0 score of 5.8 and high supplemental impact ratings across scope, system integrity, and system availability (SC:H/SI:H/SA:H). The flaw was discovered by Raffaele Bova at Nozomi Networks Labs and represents a meaningful risk in environments where Reolink hubs are deployed for physical security surveillance. Affected organizations are strongly advised to update immediately to firmware version v3.3.0.456_26031911 or later.

Source: Nozomi Networks

Russian-Linked Cyberattack on Jaguar Land Rover Halts Global Manufacturing for Over a Month

Russia is under active investigation as the suspected threat actor behind a devastating cyberattack on Jaguar Land Rover (JLR) that forced a production shutdown lasting more than a month across manufacturing facilities in the United Kingdom, India, Brazil, and Slovakia. The breach, detected August 31, disrupted operations during the critical 75-plate vehicle registration period, contributing to a 17% decline in global sales and an estimated $2.5 billion impact to the UK economy. The attack affected 32,800 direct JLR employees and approximately 104,000 supply chain workers, prompting the UK government to announce a £1.5 billion loan guarantee to stabilize JLR’s supply chain. The UK National Cyber Security Centre (NCSC), operating under GCHQ, and the National Crime Agency are jointly leading the investigation into the incident.

Source: Newscord

Asia-Pacific Industrial OT Cyber Insurance Gap Reaches Critical Levels as Physical Damage Risk Surges

Lloyd’s specialist insurer Tokio Marine Kiln (TMK) is sounding the alarm over a structural insurance gap leaving Asia-Pacific manufacturers critically exposed to cyberattack-triggered physical damage, with the region generating over 50% of global manufacturing output while holding only 10% of global cyber insurance premium compared to North America’s 66%. IBM X-Force data indicates APAC accounted for approximately one-third of global cyber incidents in 2024, with manufacturing consistently ranked as the most targeted sector, while Munich Re identifies manufacturing as carrying the highest proportion of ransomware claims globally. The core exposure stems from a well-documented policy exclusion gap: cyber insurance policies typically exclude physical damage, while property and casualty policies exclude cyber-origin events—leaving OT, IIoT, and AI-driven robotics environments in a coverage no-man’s-land. INTERPOL recorded 6.5 billion cyber threats targeting APAC in 2024, with ransomware striking an estimated 135,000 targets across the region.

Source: Insurance Business Magazine

Chinese APT CL-STA-1062 Deploys Custom TinyRCT Backdoor Against Southeast Asian Critical Energy Infrastructure

Palo Alto Networks Unit 42 has published research detailing an expanded campaign by Chinese-speaking threat actor CL-STA-1062 (also tracked as UAT-7237 by Cisco Talos) targeting Southeast Asian government entities and state-owned critical energy infrastructure, with at least 10 confirmed organizational breaches recorded between October and December 2025. The group’s updated toolset includes ASPX web shells, SoftEther VPN for persistent tunneling, and a newly identified custom C# backdoor designated TinyRCT—delivered via DLL side-loading through a file named chrome_setup.zip and disguised on disk as PerfWatson2.exe. TinyRCT executes commands via cmd.exe, exfiltrates data in 40KB AES-encrypted gzip chunks, captures screenshots, and incorporates a self-destruct capability to hinder forensic investigation. The campaign’s focus on critical energy infrastructure, combined with advanced lateral movement capabilities, underscores the persistent and escalating threat Chinese state-affiliated actors pose to industrial and utility sectors across the Indo-Pacific region.

Source: Security Affairs

Share this