CyberHappenings logo
Home Browse Watchlists Experimental About

Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

Unauthenticated Internet-exposed industrial controllers identified in global OT networks

First reported
Last updated
1 unique sources, 1 articles

Summary

Hide ▲

Researchers identified at least 179 Internet-connected industrial control systems (ICS) devices exposing the Modbus protocol on default port 502 without authentication, enabling direct read and write access by any Internet user. The exposed devices include controllers tied to national railway and power grid infrastructure, creating potential for serious physical consequences if compromised. Despite geopolitical tensions, direct targeting of OT assets remains an active and avoidable risk vector.

Timeline

  1. 10.04.2026 16:30 1 articles · 3h ago

    Unauthenticated Modbus exposure on critical OT assets confirmed via global scan

    A global scan identified 179 industrial control systems exposing the Modbus protocol on port 502 without authentication, including devices linked to national railway and power grid infrastructure. The exposure enables direct read/write access by any Internet user, creating potential for serious physical consequences in critical sectors. This development follows US government warnings about Iran-linked targeting of PLCs and observed attacks on renewable energy infrastructure in Poland linked to Russia-aligned actors.

    Show sources
    Open in new tab

Information Snippets

  • A scan using Masscan identified 311 open Modbus devices, with 179 confirmed unauthenticated and exposed on port 502 after excluding honeypots.

    First reported: 10.04.2026 16:30
    1 source, 1 article
    Show sources

  • The exposed devices include industrial controllers with no authentication requirements, allowing any Internet user to read from and potentially write to the systems.

    First reported: 10.04.2026 16:30
    1 source, 1 article
    Show sources

  • Researchers identified devices associated with a national railway and two national power grids among the exposed systems.

    First reported: 10.04.2026 16:30
    1 source, 1 article
    Show sources

  • The US government warned on April 7, 2026, that Iran-linked cyberattackers are targeting programmable logic controllers (PLCs) in critical infrastructure sectors such as water, wastewater, and energy.

    First reported: 10.04.2026 16:30
    1 source, 1 article
    Show sources

  • In December 2025, a cyberattack targeted Poland’s decentralized wind- and solar-energy infrastructure but did not intend to disrupt civilian power supply; multiple analysts attributed the attack to Russia-aligned actors.

    First reported: 10.04.2026 16:30
    1 source, 1 article
    Show sources

  • Nation-state actors from Iran, Israel, Russia, Ukraine, and the US have targeted IP cameras to gather intelligence on critical locations, including leadership movements and kinetic strike impacts.

    First reported: 10.04.2026 16:30
    1 source, 1 article
    Show sources

  • Less than 10% of OT networks globally have visibility and monitoring capabilities, according to Dragos’ 2026 OT Cybersecurity Year in Review report.

    First reported: 10.04.2026 16:30
    1 source, 1 article
    Show sources

  • Nearly half of architecture reviews (46%) and the vast majority of tabletop exercises (88%) were hampered by lack of visibility, while 30% of incident response cases began with unexplained operational issues rather than detected anomalies.

    First reported: 10.04.2026 16:30
    1 source, 1 article
    Show sources