Pro-Russia hacktivist OT intrusion campaign against US critical infrastructure
Campaign
Summary
Hide ▲
Show ▼
A coordinated pro-Russia hacktivist campaign is exploiting exposed virtual network computing connections and weak passwords to breach operational technology (OT) systems across US critical infrastructure, creating disruption risk and, in some cases, physical impacts. The activity is tied to groups including Cyber Army of Russia Reborn (CARR), Z-Pentest, NoName057(16), and Sector16, and has affected water treatment, food production, and energy operators. The operators rely on simple reconnaissance, password guessing, and internet-facing human-machine interfaces to gain access.
Related Happenings
Automatic tank gauge (ATG) systems ongoing attacks
Exploitation Wave
H score25
First: 05.06.2026 17:50
Last: 05.06.2026 17:50
Sources 1
About this happening:
**Over 900 internet-exposed ATG systems** across the United States are being targeted in **ongoing attacks**, creating risk of **alert tampering**, **fuel or chemical leaks**, and...
Automatic tank gauge (ATG) systems ongoing attacks
Exploitation WaveAbout this happening: **Over 900 internet-exposed ATG systems** across the United States are being targeted in **ongoing attacks**, creating risk of **alert tampering**, **fuel or chemical leaks**, and...
CISA automatic tank gauge system mitigations
Advisory/Mitigation
H score20
First: 02.06.2026 15:00
Last: 02.06.2026 15:00
Sources 1
About this happening:
**CISA**, **FBI**, **NSA**, and the **Department of Energy** warned that attackers are targeting **internet-exposed automatic tank gauge (ATG) systems** used to monitor fuel and l...
CISA automatic tank gauge system mitigations
Advisory/MitigationAbout this happening: **CISA**, **FBI**, **NSA**, and the **Department of Energy** warned that attackers are targeting **internet-exposed automatic tank gauge (ATG) systems** used to monitor fuel and l...
Iranian hackers' ATG cyberattack campaign
Campaign
H score37
First: 18.05.2026 18:41
Last: 18.05.2026 18:41
Sources 1
About this happening:
Iranian threat groups launched a **barrage of cyberattacks** after the conflict began, broadening pressure on **US gas-station fuel-monitoring systems** and signaling continued ri...
Iranian hackers' ATG cyberattack campaign
CampaignAbout this happening: Iranian threat groups launched a **barrage of cyberattacks** after the conflict began, broadening pressure on **US gas-station fuel-monitoring systems** and signaling continued ri...
Russian state-linked hybrid cyber campaign targeting Denmark
Campaign
H score23
First: 19.12.2025 14:28
Last: 19.12.2025 14:28
Sources 1
About this happening:
The **Russian state-linked** campaign against **Denmark** escalated with a destructive **water-utility attack** and **DDoS assaults** tied to **November's local elections**, raisi...
Russian state-linked hybrid cyber campaign targeting Denmark
CampaignAbout this happening: The **Russian state-linked** campaign against **Denmark** escalated with a destructive **water-utility attack** and **DDoS assaults** tied to **November's local elections**, raisi...
CISA-led joint cybersecurity advisory for critical infrastructure
Public Sector Action
H score39
First: 09.12.2025 14:00
Last: 09.12.2025 14:00
Sources 1
How related:
According to a new report by CISA, the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and other national and international partners, the attacks are part of a surge in low-skilled but disruptive intrusions affecting entities in water treatment, food production and energy in the US.
About this happening:
**CISA**, **FBI**, **NSA**, **DOE**, **EPA**, **DC3**, and global partners issued a **joint cybersecurity advisory** urging **critical infrastructure organizations** to act immedi...
CISA-led joint cybersecurity advisory for critical infrastructure
Public Sector ActionHow related: According to a new report by CISA, the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and other national and international partners, the attacks are part of a surge in low-skilled but disruptive intrusions affecting entities in water treatment, food production and energy in the US.
About this happening: **CISA**, **FBI**, **NSA**, **DOE**, **EPA**, **DC3**, and global partners issued a **joint cybersecurity advisory** urging **critical infrastructure organizations** to act immedi...
Timeline
-
10.12.2025 18:00 2 articles · 7mo ago
CISA-led advisory on pro-Russia OT intrusions
Initial DisclosureCISA, the FBI, the NSA, and partners warned that loosely organized pro-Russia hacktivist groups are exploiting exposed virtual network computing connections and weak credentials to breach operational technology systems at US water treatment, food production, and energy entities, using simple reconnaissance tools, common password-guessing techniques, and internet-facing human-machine interfaces; affected operators have seen temporary loss of view, altered parameters, disabled alarms, restarted devices, and costly manual recovery, and the advisory urges reduced public internet access to OT assets, stronger authentication including MFA, network segmentation, strict firewall policies, updated software, and contingency plans for rapid manual operation.
Show sources
- Pro-Russia Hackers Target US Critical Infrastructure in New Wave — www.infosecurity-magazine.com — 10.12.2025 18:00
- Pro-Russia Hackers Target US Critical Infrastructure in New Wave — www.infosecurity-magazine.com — 10.12.2025 18:00