CISA April 7 Rockwell Automation/Allen-Bradley PLC mitigation advisory
Advisory/Mitigation
Summary
CISA and authoring agencies issued April 7 mitigation guidance for internet-facing OT assets, warning that US critical infrastructure operators using Rockwell Automation/Allen-Bradley PLCs face ongoing compromise risk. The advisory urges organizations to review TTPs and IOCs for signs of current or historical activity and apply the listed mitigations to reduce exposure.
Related Happenings
CISA KEV order for Copy Fail on federal Linux devices
Public Sector Action
First: 08.05.2026 10:45
Last: 08.05.2026 10:45
Sources 1
About this happening:
**CISA** added **Copy Fail** to the **Known Exploited Vulnerabilities (KEV) Catalog**, making the Linux flaw a federal remediation priority. The agency ordered **federal agencies*...
CISA releases CI Fortify guidance for critical infrastructure resilience
Public Sector Action
First: 05.05.2026 15:00
Last: 05.05.2026 15:00
Sources 1
About this happening:
CISA released CI Fortify, guidance for critical infrastructure operators across sectors to help keep essential services running during cyberattack or crisis conditions. The framew...
Latest development: 06.05.2026 16:15
CISA launched CI Fortify on Tuesday as a planning framework for critical infrastructure operators in water, energy, transportation and communications to prepare for cyber disruption by disconnecting OT systems from third-party and business networks, maintaining essential services in degraded communications conditions, and recovering compromised systems through backups, component replacement, or a transition to manual operations.
CISA-led zero-trust guide for OT environments
Public Sector Action
First: 30.04.2026 17:00
Last: 30.04.2026 17:00
Sources 1
About this happening:
US government agencies led by **CISA** released **Adapting Zero Trust Principles to Operational Technology**, giving **OT operators** a framework to improve **critical infrastruct...
CISA joint Zero Trust OT guide
Public Sector Action
First: 29.04.2026 15:00
Last: 29.04.2026 15:00
Sources 1
About this happening:
CISA and U.S. partners **published** a joint guide to help **OT owners and operators** apply **Zero Trust** to **operational technology environments**, giving government and infra...
CISA and NCSC-UK China-nexus covert device networks advisory
Advisory/Mitigation
First: 23.04.2026 15:00
Last: 23.04.2026 15:00
Sources 1
About this happening:
**CISA** and **NCSC-UK** released a new advisory warning organizations about **Chinese government-linked** covert networks built from **compromised devices**. The guidance says we...
Timeline
- 08.04.2026 11:15 · 2 articles
CISA issues mitigation guidance for internet-facing Rockwell PLC exposure
Mitigation Patch Update
CISA issued urgent mitigation guidance for US critical infrastructure operators using internet-facing Rockwell Automation/Allen-Bradley PLCs, warning that attackers were targeting OT assets across government services and facilities, water and wastewater systems, and energy. The advisory described malicious use of Studio 5000 Logix Designer to create an "accepted connection" to targeted PLCs via overseas IP addresses and third-party hosted infrastructure. It noted malicious traffic on ports 44818, 2222, 102, 22, and 502, and said port 22 activity involved Dropbear Secure Shell (SSH) software on victim endpoints for remote access. Recommended actions included reviewing TTPs and IOCs, using secure gateways and firewalls, checking logs for suspicious traffic, and placing Rockwell Automation controllers in the run position.
Sources
- Iran‑Backed Threat Actors Hit US CNI Providers via Internet‑Facing OT Assets — www.infosecurity-magazine.com — 08.04.2026 11:15
- Nearly 4,000 US industrial devices exposed to Iranian cyberattacks — www.bleepingcomputer.com — 10.04.2026 18:52
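
The log check recommended in the timeline entry above, as an added example that is not part of the advisory or the cited articles: it flags accepted connections to PLC subnets on the listed ports when the source is outside the trusted engineering networks. The log format, subnets, sample records and function names are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter

# Ports the advisory reports malicious traffic on.
ADVISORY_PORTS = {44818, 2222, 102, 22, 502}

# Constructed key=value firewall record format (an assumption, not a vendor format).
LINE_RE = re.compile(r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) "
                     r"dport=(?P<dport>\d+) action=(?P<action>\w+)$")

def flag_external_ot_traffic(lines, plc_nets, trusted_nets):
    """Return allowed connections to PLC subnets on advisory ports from untrusted sources."""
    plc = [ipaddress.ip_network(n) for n in plc_nets]
    trusted = [ipaddress.ip_network(n) for n in trusted_nets]
    findings = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # unparseable record: skip rather than guess
        try:
            src, dst = ipaddress.ip_address(m["src"]), ipaddress.ip_address(m["dst"])
        except ValueError:
            continue  # src/dst is not a valid IP address
        to_plc = any(dst in net for net in plc)
        from_trusted = any(src in net for net in trusted)
        if (m["action"] == "ALLOW" and int(m["dport"]) in ADVISORY_PORTS
                and to_plc and not from_trusted):
            findings.append((m["ts"], str(src), str(dst), int(m["dport"])))
    return findings

def summarize(findings):
    """Count hits per (source, port) so repeated sources stand out in triage."""
    return Counter((src, port) for _, src, _, port in findings)

# Constructed sample records; addresses are private/documentation ranges.
SAMPLE_LOG = """\
2026-04-08T01:02:03Z src=10.20.0.15 dst=10.50.1.10 dport=44818 action=ALLOW
2026-04-08T01:05:10Z src=203.0.113.77 dst=10.50.1.10 dport=44818 action=ALLOW
2026-04-08T01:05:42Z src=203.0.113.77 dst=10.50.1.10 dport=22 action=ALLOW
2026-04-08T01:06:00Z src=198.51.100.9 dst=10.50.1.11 dport=502 action=DENY
2026-04-08T01:07:30Z src=198.51.100.9 dst=10.50.1.11 dport=443 action=ALLOW
2026-04-08T01:08:00Z src=203.0.113.77 dst=10.50.1.12 dport=44818 action=ALLOW
malformed line
""".splitlines()

if __name__ == "__main__":
    hits = flag_external_ot_traffic(SAMPLE_LOG, ["10.50.1.0/24"], ["10.20.0.0/16"])
    print(*hits, summarize(hits), sep="\n")
```

Any hit means a PLC port is reachable from outside the engineering network, which is the exposure the advisory's gateway and firewall mitigations are meant to close.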