Pro-Russia hacktivist OT intrusion campaign against US critical infrastructure
Campaign
Summary
Hide ▲
Show ▼
A coordinated pro-Russia hacktivist campaign is exploiting exposed virtual network computing connections and weak passwords to breach operational technology (OT) systems across US critical infrastructure, creating disruption risk and, in some cases, physical impacts. The activity is tied to groups including Cyber Army of Russia Reborn (CARR), Z-Pentest, NoName057(16), and Sector16, and has affected water treatment, food production, and energy operators. The operators rely on simple reconnaissance, password guessing, and internet-facing human-machine interfaces to gain access.
Related Happenings
Russian state-linked hybrid cyber campaign targeting Denmark
Campaign
First: 19.12.2025 14:28
Last: 19.12.2025 14:28
Sources 1
About this happening:
The **Russian state-linked** campaign against **Denmark** escalated with a destructive **water-utility attack** and **DDoS assaults** tied to **November's local elections**, raisi...
Russian state-linked hybrid cyber campaign targeting Denmark
CampaignAbout this happening: The **Russian state-linked** campaign against **Denmark** escalated with a destructive **water-utility attack** and **DDoS assaults** tied to **November's local elections**, raisi...
CISA-led joint cybersecurity advisory for critical infrastructure
Public Sector Action
First: 09.12.2025 14:00
Last: 09.12.2025 14:00
Sources 1
How related:
According to a new report by CISA, the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and other national and international partners, the attacks are part of a surge in low-skilled but disruptive intrusions affecting entities in water treatment, food production and energy in the US.
About this happening:
**CISA**, **FBI**, **NSA**, **DOE**, **EPA**, **DC3**, and global partners issued a **joint cybersecurity advisory** urging **critical infrastructure organizations** to act immedi...
CISA-led joint cybersecurity advisory for critical infrastructure
Public Sector ActionHow related: According to a new report by CISA, the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and other national and international partners, the attacks are part of a surge in low-skilled but disruptive intrusions affecting entities in water treatment, food production and energy in the US.
About this happening: **CISA**, **FBI**, **NSA**, **DOE**, **EPA**, **DC3**, and global partners issued a **joint cybersecurity advisory** urging **critical infrastructure organizations** to act immedi...
Pro-Russia hacktivist groups campaign expands across multiple victims
Campaign
First: 09.12.2025 14:00
Last: 09.12.2025 14:00
Sources 1
About this happening:
A sustained **pro-Russia hacktivist** campaign is targeting **U.S. and global critical infrastructure**, raising disruption risk across **OT** and **SCADA** environments. The oper...
Pro-Russia hacktivist groups campaign expands across multiple victims
CampaignAbout this happening: A sustained **pro-Russia hacktivist** campaign is targeting **U.S. and global critical infrastructure**, raising disruption risk across **OT** and **SCADA** environments. The oper...
Warp Panda North American legal, technology and manufacturing espionage campaign
Campaign
First: 05.12.2025 16:30
Last: 05.12.2025 16:30
Sources 1
About this happening:
Warp Panda is running a **sophisticated cyber-espionage campaign** against **North American legal, technology and manufacturing firms**, maintaining **persistent covert access** t...
Warp Panda North American legal, technology and manufacturing espionage campaign
CampaignAbout this happening: Warp Panda is running a **sophisticated cyber-espionage campaign** against **North American legal, technology and manufacturing firms**, maintaining **persistent covert access** t...
Salt Typhoon persistent espionage campaign targeting global networks
Campaign
First: 28.08.2025 17:04
Last: 28.08.2025 17:04
Sources 1
About this happening:
**Salt Typhoon** remains a **persistent espionage campaign** with **multi-year infrastructure** now traced back to **May 2020**. A new analysis found **45 previously unreported do...
Salt Typhoon persistent espionage campaign targeting global networks
CampaignAbout this happening: **Salt Typhoon** remains a **persistent espionage campaign** with **multi-year infrastructure** now traced back to **May 2020**. A new analysis found **45 previously unreported do...
Timeline
-
10.12.2025 18:00 2 articles · 5mo ago
CISA-led advisory on pro-Russia OT intrusions
Initial DisclosureCISA, the FBI, the NSA, and partners warned that loosely organized pro-Russia hacktivist groups are exploiting exposed virtual network computing connections and weak credentials to breach operational technology systems at US water treatment, food production, and energy entities, using simple reconnaissance tools, common password-guessing techniques, and internet-facing human-machine interfaces; affected operators have seen temporary loss of view, altered parameters, disabled alarms, restarted devices, and costly manual recovery, and the advisory urges reduced public internet access to OT assets, stronger authentication including MFA, network segmentation, strict firewall policies, updated software, and contingency plans for rapid manual operation.
Show sources
- Pro-Russia Hackers Target US Critical Infrastructure in New Wave — www.infosecurity-magazine.com — 10.12.2025 18:00
- Pro-Russia Hackers Target US Critical Infrastructure in New Wave — www.infosecurity-magazine.com — 10.12.2025 18:00