Pro-Russia hacktivist groups campaign expands across multiple victims
Campaign
Summary
Hide ▲
Show ▼
A sustained pro-Russia hacktivist campaign is targeting U.S. and global critical infrastructure, raising disruption risk across OT and SCADA environments. The operation uses opportunistic, low-sophistication methods and seeks access through internet-facing VNC services and other exposed paths. It has already affected sectors including water treatment, oil well systems, energy systems, and farms.
Related Happenings
Automatic tank gauge (ATG) systems ongoing attacks
Exploitation Wave
H score25
First: 05.06.2026 17:50
Last: 05.06.2026 17:50
Sources 1
About this happening:
**Over 900 internet-exposed ATG systems** across the United States are being targeted in **ongoing attacks**, creating risk of **alert tampering**, **fuel or chemical leaks**, and...
Automatic tank gauge (ATG) systems ongoing attacks
Exploitation WaveAbout this happening: **Over 900 internet-exposed ATG systems** across the United States are being targeted in **ongoing attacks**, creating risk of **alert tampering**, **fuel or chemical leaks**, and...
CISA automatic tank gauge system mitigations
Advisory/Mitigation
H score20
First: 02.06.2026 15:00
Last: 02.06.2026 15:00
Sources 1
About this happening:
**CISA**, **FBI**, **NSA**, and the **Department of Energy** warned that attackers are targeting **internet-exposed automatic tank gauge (ATG) systems** used to monitor fuel and l...
CISA automatic tank gauge system mitigations
Advisory/MitigationAbout this happening: **CISA**, **FBI**, **NSA**, and the **Department of Energy** warned that attackers are targeting **internet-exposed automatic tank gauge (ATG) systems** used to monitor fuel and l...
Iranian-linked PLC targeting campaign against U.S. critical infrastructure
Campaign
H score38
First: 07.04.2026 21:02
Last: 07.04.2026 21:02
Sources 1
About this happening:
Iranian-linked hackers are actively targeting **Internet-exposed Rockwell/Allen-Bradley PLCs** on **U.S. critical infrastructure** networks, increasing the risk of operational dis...
Iranian-linked PLC targeting campaign against U.S. critical infrastructure
CampaignAbout this happening: Iranian-linked hackers are actively targeting **Internet-exposed Rockwell/Allen-Bradley PLCs** on **U.S. critical infrastructure** networks, increasing the risk of operational dis...
Electrum and Kamicite destructive OT/ICS campaign
Campaign
H score28
First: 17.02.2026 23:31
Last: 17.02.2026 23:31
Sources 1
About this happening:
A **2025 destructive campaign** tied to **Electrum** and **Kamicite** combined **persistent scanning** with attacks that could disrupt industrial and communications infrastructure...
Electrum and Kamicite destructive OT/ICS campaign
CampaignAbout this happening: A **2025 destructive campaign** tied to **Electrum** and **Kamicite** combined **persistent scanning** with attacks that could disrupt industrial and communications infrastructure...
Chinese threat actor campaigns against Taiwanese critical infrastructure in 2025
Campaign
H score38
First: 07.01.2026 16:00
Last: 07.01.2026 16:00
Sources 1
About this happening:
**Chinese cyber threat actors** intensified **campaigns against Taiwanese critical infrastructure** in **2025**, putting **energy**, **healthcare**, **communications**, **administ...
Chinese threat actor campaigns against Taiwanese critical infrastructure in 2025
CampaignAbout this happening: **Chinese cyber threat actors** intensified **campaigns against Taiwanese critical infrastructure** in **2025**, putting **energy**, **healthcare**, **communications**, **administ...
Timeline
-
09.12.2025 14:00 2 articles · 7mo ago
Joint advisory warns of opportunistic attacks on critical infrastructure
Initial DisclosureCISA, FBI, NSA, DOE, EPA, DC3, and global partners issued a joint cybersecurity advisory warning that pro-Russia hacktivist groups are conducting opportunistic, low-sophistication attacks against U.S. and global critical infrastructure. The advisory says the actors have targeted SCADA networks, used simultaneous DDoS attacks to facilitate SCADA intrusions, and exploited minimally secured, internet-facing VNC connections to reach OT control devices, while urging organizations to reduce OT exposure, adopt mature asset management, and use robust authentication.
Show sources
- CISA, FBI, and U.S. and Global Partners Urge Immediate Action to Defend Critical Infrastructure from Pro-Russia Hacktivist Threats — www.cisa.gov — 09.12.2025 14:00
- CISA, FBI, and U.S. and Global Partners Urge Immediate Action to Defend Critical Infrastructure from Pro-Russia Hacktivist Threats — www.cisa.gov — 09.12.2025 14:00