Internet-exposed Rockwell Automation/Allen-Bradley PLCs concentrated in the United States
Target Trend
Summary
Hide ▲
Show ▼
A measured exposure pattern shows 5,219 internet-facing Rockwell Automation/Allen-Bradley PLC hosts worldwide, expanding the attack surface for industrial control networks. 74.6% of the exposed hosts were in the United States, making the cohort heavily concentrated in one country. The exposure is especially concerning for devices reachable through EtherNet/IP (EIP) and cellular-connected field deployments.
Related Happenings
US government warning on Iran-affiliated critical infrastructure disruption risk
Public Sector Action
First: 18.05.2026 18:41
Last: 18.05.2026 18:41
Sources 1
About this happening:
The **US government** warned that **Iran-affiliated threat actors** were disrupting **US critical infrastructure** through attacks on **Internet-exposed OT devices** across **mult...
US government warning on Iran-affiliated critical infrastructure disruption risk
Public Sector ActionAbout this happening: The **US government** warned that **Iran-affiliated threat actors** were disrupting **US critical infrastructure** through attacks on **Internet-exposed OT devices** across **mult...
China-nexus hijacked-device proxy network campaign
Campaign
First: 23.04.2026 15:28
Last: 23.04.2026 15:28
Sources 1
About this happening:
China-nexus hackers are **increasingly using** large-scale proxy networks of hijacked consumer devices to **evade detection**, making malicious traffic harder to trace and block....
China-nexus hijacked-device proxy network campaign
CampaignAbout this happening: China-nexus hackers are **increasingly using** large-scale proxy networks of hijacked consumer devices to **evade detection**, making malicious traffic harder to trace and block....
NCSC-UK joint advisory on covert botnets and proxy networks
Public Sector Action
First: 23.04.2026 15:28
Last: 23.04.2026 15:28
Sources 1
About this happening:
**NCSC-UK** and partner agencies issued a **joint advisory** warning that **China-nexus hackers** are using **hijacked consumer devices** as covert proxy networks to hide maliciou...
NCSC-UK joint advisory on covert botnets and proxy networks
Public Sector ActionAbout this happening: **NCSC-UK** and partner agencies issued a **joint advisory** warning that **China-nexus hackers** are using **hijacked consumer devices** as covert proxy networks to hide maliciou...
Iranian-affiliated US CNI OT attack campaign
Campaign
First: 08.04.2026 11:15
Last: 08.04.2026 11:15
Sources 1
About this happening:
An **Iranian-affiliated** campaign is actively targeting **US critical national infrastructure providers**, creating **operational disruption** and **financial loss** across multi...
Iranian-affiliated US CNI OT attack campaign
CampaignAbout this happening: An **Iranian-affiliated** campaign is actively targeting **US critical national infrastructure providers**, creating **operational disruption** and **financial loss** across multi...
CISA April 7 Rockwell Automation/Allen-Bradley PLC mitigation advisory
Advisory/Mitigation
First: 08.04.2026 11:15
Last: 08.04.2026 11:15
Sources 1
How related:
According to a joint advisory issued by multiple U.S. federal agencies on Tuesday, Iranian state-backed hacking groups have been targeting Rockwell Automation/Allen-Bradley PLC devices since March 2026, causing operational disruptions and financial losses.
About this happening:
**CISA** and authoring agencies issued **April 7** mitigation guidance for **internet-facing OT assets**, warning that **US critical infrastructure** operators using **Rockwell Au...
CISA April 7 Rockwell Automation/Allen-Bradley PLC mitigation advisory
Advisory/MitigationHow related: According to a joint advisory issued by multiple U.S. federal agencies on Tuesday, Iranian state-backed hacking groups have been targeting Rockwell Automation/Allen-Bradley PLC devices since March 2026, causing operational disruptions and financial losses.
About this happening: **CISA** and authoring agencies issued **April 7** mitigation guidance for **internet-facing OT assets**, warning that **US critical infrastructure** operators using **Rockwell Au...
Timeline
-
10.04.2026 18:52 2 articles · 1mo ago
Censys measures 5,219 exposed Rockwell Automation/Allen-Bradley hosts
Technical Analysis UpdateCensys measured 5,219 internet-exposed hosts globally responding to EtherNet/IP (EIP) and self-identifying as Rockwell Automation/Allen-Bradley devices, with 3,891 located in the United States for a 74.6% U.S. share. The exposure pattern is concentrated in field-deployed industrial control devices reachable online, including systems using cellular modems.
Show sources
- Nearly 4,000 US industrial devices exposed to Iranian cyberattacks — www.bleepingcomputer.com — 10.04.2026 18:52
- Nearly 4,000 US industrial devices exposed to Iranian cyberattacks — www.bleepingcomputer.com — 10.04.2026 18:52