ALL POSTS

Key Findings Censys identified 5,219 internet-exposed Rockwell Automation PLCs globally, with 74.6% located in the United States Iranian-linked APT groups have been actively targeting these devices since March 2026, causing operational disruptions and financial losses Approximately 3,891 exposed U.S. devices are concentrated on cellular networks, indicating field-deployed infrastructure at utilities and substations Most vulnerable devices run outdated firmware from the MicroL

Key Findings Iran-affiliated cyber actors are actively targeting internet-exposed programmable logic controllers (PLCs) across U.S. critical infrastructure sectors including government, water systems, and energy Attacks have caused diminished PLC functionality, manipulated display data, operational disruption, and financial losses Threat actors are exploiting Rockwell Automation and Allen-Bradley PLCs, specifically CompactLogix and Micro850 devices Initial access is gained th