In today’s rapidly evolving OT, ICS, and IoT security landscape, threat actors are leveraging advanced technologies and sophisticated tactics to target critical infrastructure worldwide. From AI-assisted intrusions to vulnerabilities in smart building systems, organizations face an increasingly complex environment where timely detection and robust defenses are imperative. Our roundup highlights the latest developments shaping operational technology security and the urgent need for vigilance.
Poland Reports ICS Breaches at Five Water Treatment Plants Amid Russian Cyber Campaign
Poland’s Internal Security Agency (ABW) has disclosed breaches of the industrial control systems at five water treatment plants, giving the intruders a position from which they could manipulate water treatment and safety controls. The intrusions are attributed to a broader Russian cyber campaign against Polish critical infrastructure, which also included a failed attempt to disrupt the energy grid. U.S. agencies have issued warnings about similar threats to American water utilities, which were previously targeted by the Iranian-backed group CyberAv3ngers.
Source: TechCrunch
AI-Assisted Attack on Mexican Water Utility Highlights New OT Threat Vector
Researchers at Dragos revealed that an unknown threat actor used Anthropic’s Claude AI to conduct reconnaissance against, and attempt to take over, a Mexican water utility’s OT environment. Without prior ICS or OT expertise, the attackers used the model to identify internet-exposed industrial gateways, generate candidate credential lists, and carry out password-spray attacks against them. The intrusion was part of a broader campaign against multiple Mexican government agencies and shows how AI tools lower the barrier to entry for OT attacks that once required specialist knowledge.
Source: Cybersecurity Dive
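The defensive counterpart to the activity Dragos describes is spotting the spray before a valid credential is found. The script below is an added example, not code from Dragos, Anthropic, or the utility involved: it runs spray detection over a constructed, syslog-style authentication log from a hypothetical gateway (host name, log format and IP addresses are all invented), and contrasts the spray signature (one source, many distinct accounts, one or two guesses each) with a classic single-account brute force, which per-account lockout thresholds already catch but which a spray deliberately stays under.

```python
"""Password-spray detection over gateway authentication logs.

Added example, not part of the original roundup or any vendor's code.
The log format is a constructed, generic syslog-style line; adapt
parse_line() to whatever your gateway or jump host actually emits.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample log: 203.0.113.7 sprays six accounts with one guess each
# and eventually succeeds; 198.51.100.9 brute-forces a single account;
# 192.0.2.44 is an ordinary user who mistyped a password once.
SAMPLE_LOG = """\
2026-04-02T03:10:01Z gw-plant1 sshd: Failed password for operator from 203.0.113.7
2026-04-02T03:10:04Z gw-plant1 sshd: Failed password for admin from 203.0.113.7
2026-04-02T03:10:08Z gw-plant1 sshd: Failed password for scada from 203.0.113.7
2026-04-02T03:10:11Z gw-plant1 sshd: Failed password for hmi from 203.0.113.7
2026-04-02T03:10:15Z gw-plant1 sshd: Failed password for engineer from 203.0.113.7
2026-04-02T03:10:19Z gw-plant1 sshd: Failed password for maint from 203.0.113.7
2026-04-02T03:10:22Z gw-plant1 sshd: Accepted password for maint from 203.0.113.7
2026-04-02T03:12:00Z gw-plant1 sshd: Failed password for admin from 198.51.100.9
2026-04-02T03:12:01Z gw-plant1 sshd: Failed password for admin from 198.51.100.9
2026-04-02T03:12:02Z gw-plant1 sshd: Failed password for admin from 198.51.100.9
2026-04-02T03:12:03Z gw-plant1 sshd: Failed password for admin from 198.51.100.9
2026-04-02T03:12:04Z gw-plant1 sshd: Failed password for admin from 198.51.100.9
2026-04-02T03:12:05Z gw-plant1 sshd: Failed password for admin from 198.51.100.9
2026-04-02T03:30:00Z gw-plant1 sshd: Failed password for operator from 192.0.2.44
2026-04-02T03:30:30Z gw-plant1 sshd: Accepted password for operator from 192.0.2.44
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd: (?P<result>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<src>\S+)$"
)


def parse_line(line):
    """Return a dict for one auth event, or None for lines we don't understand."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
        "host": m["host"],
        "ok": m["result"] == "Accepted",
        "user": m["user"],
        "src": m["src"],
    }


def _events_by_source(log_text):
    by_src = defaultdict(list)
    for ev in filter(None, map(parse_line, log_text.splitlines())):
        by_src[ev["src"]].append(ev)
    for evs in by_src.values():
        evs.sort(key=lambda e: e["ts"])
    return by_src


def detect_password_spray(log_text, window=timedelta(minutes=10),
                          min_accounts=5, max_per_account=2):
    """Flag sources that fail against many distinct accounts with few tries each.

    A spray keeps every account below the lockout threshold, so the signal is
    the breadth of accounts per source inside a time window, not the depth.
    Any success from the same source inside the window is reported too, since
    that is the account most likely now in the attacker's hands.
    """
    findings = []
    for src, evs in _events_by_source(log_text).items():
        fails = [e for e in evs if not e["ok"]]
        for i, start in enumerate(fails):
            end = start["ts"] + window
            per_user = Counter(e["user"] for e in fails[i:] if e["ts"] <= end)
            if len(per_user) >= min_accounts and max(per_user.values()) <= max_per_account:
                succeeded = sorted({e["user"] for e in evs
                                    if e["ok"] and start["ts"] <= e["ts"] <= end})
                findings.append({"src": src, "first_seen": start["ts"],
                                 "accounts": sorted(per_user), "succeeded": succeeded})
                break  # one alert per source is enough
    return findings


def detect_brute_force(log_text, threshold=5):
    """Flag (source, account) pairs with many failures: the pattern a spray avoids."""
    counts = Counter()
    for src, evs in _events_by_source(log_text).items():
        for e in evs:
            if not e["ok"]:
                counts[(src, e["user"])] += 1
    return sorted((src, user, n) for (src, user), n in counts.items() if n >= threshold)


if __name__ == "__main__":
    for f in detect_password_spray(SAMPLE_LOG):
        print(f"SPRAY from {f['src']} at {f['first_seen']}: accounts={f['accounts']} "
              f"succeeded={f['succeeded']}")
    for src, user, n in detect_brute_force(SAMPLE_LOG):
        print(f"BRUTE FORCE from {src} against {user}: {n} failures")
```

Note that the brute-force rule never fires on the spraying source (one failure per account) and the spray rule never fires on the brute-force source (one account); a detection that only counts failures per account, which is what most gateway lockout policies do, sees nothing unusual about 203.0.113.7 until the `maint` login succeeds. Tune `window`, `min_accounts` and `max_per_account` to the size of your user population.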
Critical EnOcean SmartServer Vulnerabilities Enable Remote Takeover of Smart Buildings and Factories
Claroty’s Team82 has disclosed two critical vulnerabilities in EnOcean’s SmartServer IoT platform affecting version 4.60.009 and earlier. Exploitation allows an unauthenticated remote attacker to execute code as root, yielding control over the building management, HVAC, and power controls the server manages in smart buildings and factories. EnOcean has issued a fix (version 4.6 Update 2), and users are strongly urged to apply it immediately. Because the flaws require no authentication, any SmartServer IoT instance reachable from an untrusted network should be treated as exposed until it is confirmed to be running the updated version.
Source: Industrial Cyber
U.S. Oil and Gas Sector Faces Critical OT Detection Gap Despite Post-Epic Fury Spending Surge
A recent survey highlights a significant detection gap in U.S. oil and gas OT security. While 87% of operators express confidence that they would detect a breach within 24 hours, more than half rely on IT tools that lack OT visibility, and 27% depend on manual detection by field staff. Despite increased investment following Operation Epic Fury, cultural divides between IT and OT teams persist as a major obstacle. Federal warnings continue regarding Iran-aligned cyber threats to energy and water sector control systems.
Source: SC Media
Q1 2026 Ransomware Report: Data Exfiltration Hits 96% as Attacks Remain Industrialized
BlackFog’s Q1 2026 Ransomware Report reveals that 96% of ransomware attacks involved data exfiltration, with victims losing an average of 743GB and facing ransom demands exceeding $1 million. Although reported attacks declined 15% year over year, the report cautions that only one in nine attacks is publicly disclosed, so the true figure is likely higher. The most targeted sectors were healthcare, government, and technology, and threat actors are increasingly using AI to automate data theft, particularly against manufacturing, construction, and critical infrastructure.
Source: Industrial Cyber / BlackFog
As threat actors continue to innovate and exploit emerging technologies, maintaining rigorous OT security practices and fostering collaboration between IT and OT teams remain essential. Stay informed, stay prepared, and prioritize proactive defenses to safeguard critical infrastructure.