Find notable cyber news and cases, enriched with sources, timelines, and signals.

Internet-exposed Rockwell Automation/Allen-Bradley PLCs concentrated in the United States

Trend
First reported
Last updated
Happening score
H score 32
1 unique sources, 1 articles

Summary

Hide ▲

A measured exposure pattern shows 5,219 internet-facing Rockwell Automation/Allen-Bradley PLC hosts worldwide, expanding the attack surface for industrial control networks. 74.6% of the exposed hosts were in the United States, making the cohort heavily concentrated in one country. The exposure is especially concerning for devices reachable through EtherNet/IP (EIP) and cellular-connected field deployments.

Related Happenings

Automatic tank gauge (ATG) systems ongoing attacks

Exploitation Wave
H score25 First: 05.06.2026 17:50 Last: 05.06.2026 17:50 Sources 1

About this happening: **Over 900 internet-exposed ATG systems** across the United States are being targeted in **ongoing attacks**, creating risk of **alert tampering**, **fuel or chemical leaks**, and...

US government warning on Iran-affiliated critical infrastructure disruption risk

Public Sector Action
H score24 First: 18.05.2026 18:41 Last: 18.05.2026 18:41 Sources 1

About this happening: The **US government** warned that **Iran-affiliated threat actors** were disrupting **US critical infrastructure** through attacks on **Internet-exposed OT devices** across **mult...

China-nexus hijacked-device proxy network campaign

Campaign
H score43 First: 23.04.2026 15:28 Last: 23.04.2026 15:28 Sources 1

About this happening: **China-nexus** hackers are using **JDY**, a covert **SOHO/IoT** reconnaissance network, to expand **targeted scanning** and **service fingerprinting** across exposed infrastructu...

NCSC-UK joint advisory on covert botnets and proxy networks

Public Sector Action
H score66 First: 23.04.2026 15:28 Last: 23.04.2026 15:28 Sources 1

About this happening: **NCSC-UK** and partner agencies issued a **joint advisory** warning that **China-nexus hackers** are using **hijacked consumer devices** as covert proxy networks to hide maliciou...

Iranian-affiliated US CNI OT attack campaign

Campaign
H score33 First: 08.04.2026 11:15 Last: 08.04.2026 11:15 Sources 1

About this happening: An **Iranian-affiliated** campaign is actively targeting **US critical national infrastructure providers**, creating **operational disruption** and **financial loss** across multi...

Timeline

  1. 10.04.2026 18:52 2 articles · 3mo ago

    Censys measures 5,219 exposed Rockwell Automation/Allen-Bradley hosts

    Technical Analysis Update

    Censys measured 5,219 internet-exposed hosts globally responding to EtherNet/IP (EIP) and self-identifying as Rockwell Automation/Allen-Bradley devices, with 3,891 located in the United States for a 74.6% U.S. share. The exposure pattern is concentrated in field-deployed industrial control devices reachable online, including systems using cellular modems.

    Show sources