Internet-exposed Rockwell Automation/Allen-Bradley PLCs concentrated in the United States
Trend
Summary
Hide ▲
Show ▼
A measured exposure pattern shows 5,219 internet-facing Rockwell Automation/Allen-Bradley PLC hosts worldwide, expanding the attack surface for industrial control networks. 74.6% of the exposed hosts were in the United States, making the cohort heavily concentrated in one country. The exposure is especially concerning for devices reachable through EtherNet/IP (EIP) and cellular-connected field deployments.
Related Happenings
Automatic tank gauge (ATG) systems ongoing attacks
Exploitation Wave
H score25
First: 05.06.2026 17:50
Last: 05.06.2026 17:50
Sources 1
About this happening:
**Over 900 internet-exposed ATG systems** across the United States are being targeted in **ongoing attacks**, creating risk of **alert tampering**, **fuel or chemical leaks**, and...
Automatic tank gauge (ATG) systems ongoing attacks
Exploitation WaveAbout this happening: **Over 900 internet-exposed ATG systems** across the United States are being targeted in **ongoing attacks**, creating risk of **alert tampering**, **fuel or chemical leaks**, and...
US government warning on Iran-affiliated critical infrastructure disruption risk
Public Sector Action
H score24
First: 18.05.2026 18:41
Last: 18.05.2026 18:41
Sources 1
About this happening:
The **US government** warned that **Iran-affiliated threat actors** were disrupting **US critical infrastructure** through attacks on **Internet-exposed OT devices** across **mult...
US government warning on Iran-affiliated critical infrastructure disruption risk
Public Sector ActionAbout this happening: The **US government** warned that **Iran-affiliated threat actors** were disrupting **US critical infrastructure** through attacks on **Internet-exposed OT devices** across **mult...
China-nexus hijacked-device proxy network campaign
Campaign
H score43
First: 23.04.2026 15:28
Last: 23.04.2026 15:28
Sources 1
About this happening:
**China-nexus** hackers are using **JDY**, a covert **SOHO/IoT** reconnaissance network, to expand **targeted scanning** and **service fingerprinting** across exposed infrastructu...
China-nexus hijacked-device proxy network campaign
CampaignAbout this happening: **China-nexus** hackers are using **JDY**, a covert **SOHO/IoT** reconnaissance network, to expand **targeted scanning** and **service fingerprinting** across exposed infrastructu...
NCSC-UK joint advisory on covert botnets and proxy networks
Public Sector Action
H score66
First: 23.04.2026 15:28
Last: 23.04.2026 15:28
Sources 1
About this happening:
**NCSC-UK** and partner agencies issued a **joint advisory** warning that **China-nexus hackers** are using **hijacked consumer devices** as covert proxy networks to hide maliciou...
NCSC-UK joint advisory on covert botnets and proxy networks
Public Sector ActionAbout this happening: **NCSC-UK** and partner agencies issued a **joint advisory** warning that **China-nexus hackers** are using **hijacked consumer devices** as covert proxy networks to hide maliciou...
Iranian-affiliated US CNI OT attack campaign
Campaign
H score33
First: 08.04.2026 11:15
Last: 08.04.2026 11:15
Sources 1
About this happening:
An **Iranian-affiliated** campaign is actively targeting **US critical national infrastructure providers**, creating **operational disruption** and **financial loss** across multi...
Iranian-affiliated US CNI OT attack campaign
CampaignAbout this happening: An **Iranian-affiliated** campaign is actively targeting **US critical national infrastructure providers**, creating **operational disruption** and **financial loss** across multi...
Timeline
-
10.04.2026 18:52 2 articles · 3mo ago
Censys measures 5,219 exposed Rockwell Automation/Allen-Bradley hosts
Technical Analysis UpdateCensys measured 5,219 internet-exposed hosts globally responding to EtherNet/IP (EIP) and self-identifying as Rockwell Automation/Allen-Bradley devices, with 3,891 located in the United States for a 74.6% U.S. share. The exposure pattern is concentrated in field-deployed industrial control devices reachable online, including systems using cellular modems.
Show sources
- Nearly 4,000 US industrial devices exposed to Iranian cyberattacks — www.bleepingcomputer.com — 10.04.2026 18:52
- Nearly 4,000 US industrial devices exposed to Iranian cyberattacks — www.bleepingcomputer.com — 10.04.2026 18:52