Alper Aktaş
Endüstri Vadisi
- Thread Author
- #1
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has announced that Iranian-linked advanced persistent threat (APT) groups are engaging in exploitation activities targeting internet-accessible operational technology (OT) devices. These devices include programmable logic controllers (PLCs) manufactured by Rockwell Automation/Allen-Bradley.
According to CISA, these attacks have caused operational disruptions and financial losses in U.S. critical infrastructure sectors through data manipulation in project files on PLCs and in human-machine interface (HMI) and supervisory control and data acquisition (SCADA) system screens.
CISA's Recommendations:
- Use secure gateways and firewalls to prevent PLCs from direct internet exposure.
- Query logs within specified timeframes based on the indicated IOCs (indicators of compromise).
- Check for suspicious traffic on ports associated with OT devices (44818, 2222, 102, 502), paying particular attention to traffic originating from foreign servers.
- Set the physical mode switch for Rockwell Automation devices to the run position.
- If you suspect you are being targeted, contact relevant authorities and Rockwell Automation.
Such attacks highlight the importance of cybersecurity risks in the manufacturing sector and the critical danger posed by third-party access. Enhancing sectoral security measures has become a priority.
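The port check recommended above can be sketched as a log filter. This is an added example, not part of the original post or CISA's advisory. The CSV log format, the internal address ranges and the sample rows are constructed assumptions, and "foreign" is approximated here as any source outside the internal ranges.

```python
import csv
import io
import ipaddress

# Ports named in CISA's recommendation, with the OT protocol usually found on each.
OT_PORTS = {44818: "EtherNet/IP", 2222: "EtherNet/IP I/O", 102: "ISO-TSAP (S7)", 502: "Modbus/TCP"}

# Assumption: the site's own address space. Replace with your real internal ranges.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample log: timestamp,src,dst,dport,action (hypothetical export format).
SAMPLE_LOG = """\
2025-01-01T10:00:01Z,10.20.0.5,10.20.1.10,44818,allow
2025-01-01T10:00:07Z,203.0.113.45,10.20.1.10,44818,allow
2025-01-01T10:01:12Z,203.0.113.45,10.20.1.11,502,deny
2025-01-01T10:02:30Z,198.51.100.7,10.20.1.10,443,allow
2025-01-01T10:03:02Z,not-an-ip,10.20.1.10,102,allow
2025-01-01T10:04:44Z,198.51.100.7,10.20.1.12,2222,allow
"""


def is_external(addr):
    """True when addr is an IP outside INTERNAL_NETS; raises ValueError if unparsable."""
    ip = ipaddress.ip_address(addr)
    return not any(ip in net for net in INTERNAL_NETS)


def find_external_ot_traffic(log_text):
    """Return (hits, malformed): external-to-OT-port flows, and rows that failed to parse."""
    hits, malformed = [], []
    for row in csv.reader(io.StringIO(log_text)):
        if not row:
            continue
        try:
            ts, src, dst, dport, action = (field.strip() for field in row)
            port = int(dport)
            external = is_external(src)
        except ValueError:
            malformed.append(row)  # keep for review instead of silently dropping
            continue
        if external and port in OT_PORTS:
            hits.append({"time": ts, "src": src, "dst": dst, "port": port,
                         "protocol": OT_PORTS[port], "allowed": action.lower() == "allow"})
    # Flows the firewall allowed reached the device, so list them first.
    hits.sort(key=lambda h: (not h["allowed"], h["time"]))
    return hits, malformed


if __name__ == "__main__":
    found, bad = find_external_ot_traffic(SAMPLE_LOG)
    for h in found:
        print(h["time"], h["src"], "->", f'{h["dst"]}:{h["port"]}', h["protocol"],
              "ALLOWED" if h["allowed"] else "blocked")
    print(len(bad), "malformed row(s) set aside")
```

Allowed flows from an external source to one of these ports mean the device is reachable from outside, which is the exposure the first recommendation is meant to eliminate.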


















