
Cyber activists capitalizing on subpar cybersecurity practices at essential service providers

Agencies including CISA, the FBI, and international partners urge immediate password resets and implementation of multifactor authentication across sectors such as water, energy, agriculture, and others, in response to ongoing cyber threats.


In recent times, there has been a concerning rise in cyberattacks on operational technology (OT) systems in the water, energy, and agricultural sectors. These attacks, often linked to pro-Russia hacktivist groups, aim to disrupt and manipulate industrial control systems (ICS), causing both physical and operational impacts [1][3].

One such group, Z-Pentest, has been particularly active in Europe, leading a surge in ICS attacks in 2025, with a focus on energy infrastructure [1]. Their tactics involve posting videos of ICS tampering to increase psychological impact. Another pro-Russian collective, NoName057(16), has carried out massive coordinated distributed denial-of-service (DDoS) attacks against countries supporting Ukraine, including those in NATO, and sectors like logistics connected to water and energy [2][4][5].

The attacks on OT systems are becoming increasingly sophisticated, with growing exploitation of protocols like Modbus (57% of honeypot interactions in 2025) and of zero-day vulnerabilities [3]. This trend strengthens adversaries' ability to infiltrate the ICS used in infrastructure such as water treatment plants, energy grids, and agricultural control systems.

To secure these critical OT systems, experts recommend several measures. These include enhanced monitoring and threat detection tailored for OT/ICS environments, patch management prioritizing high or critical vulnerabilities, segmentation of OT networks, incident response readiness with specialized playbooks, collaboration between private industry and government agencies, and targeted disruption of threat actor infrastructure [3][5].
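As an added example (not from the article or from the cited agencies' guidance), a small Python detector that applies the monitoring and segmentation advice above to Modbus/TCP traffic: it parses the MBAP header, flags Modbus frames arriving from outside assumed OT subnets, and flags write function codes from any host other than an assumed engineering workstation. The subnets, the write allowlist and the sample frames are all constructed.

```python
import ipaddress
import struct
from typing import List, Optional, Tuple

# Modbus function codes that change process state (reads are 1-4).
WRITE_FUNCTIONS = {5: "Write Single Coil", 6: "Write Single Register",
                   15: "Write Multiple Coils", 16: "Write Multiple Registers"}
# Hypothetical segmentation policy: only these ranges may talk Modbus to the PLCs,
# and only the engineering workstation may issue writes.
OT_NETWORKS = [ipaddress.ip_network("10.0.5.0/24"), ipaddress.ip_network("10.0.9.0/24")]
WRITE_ALLOWLIST = {"10.0.5.10"}

def parse_modbus_tcp(data: bytes) -> Optional[Tuple[int, int, int, bytes]]:
    """Parse a Modbus/TCP ADU: 7-byte MBAP header followed by the PDU.
    Returns (transaction_id, unit_id, function_code, pdu_data), or None if malformed."""
    if len(data) < 8:
        return None
    tid, proto, length, unit = struct.unpack(">HHHB", data[:7])
    # Protocol id is always 0; the length field counts unit id + PDU bytes.
    if proto != 0 or length != len(data) - 6:
        return None
    return tid, unit, data[7], data[8:]

def detect(frames: List[Tuple[str, bytes]]) -> List[str]:
    """Return one alert string per policy violation found in (source_ip, payload) pairs."""
    alerts = []
    for src, raw in frames:
        parsed = parse_modbus_tcp(raw)
        if parsed is None:
            alerts.append(f"{src}: malformed Modbus/TCP frame")
            continue
        _, unit, fc, _ = parsed
        ip = ipaddress.ip_address(src)
        if not any(ip in net for net in OT_NETWORKS):
            alerts.append(f"{src}: Modbus from outside OT segments (internet-exposed HMI/PLC?)")
        if fc in WRITE_FUNCTIONS and src not in WRITE_ALLOWLIST:
            alerts.append(f"{src}: {WRITE_FUNCTIONS[fc]} (fc {fc}) to unit {unit} from unauthorised host")
    return alerts

# Constructed sample traffic, not real captures: (source IP, raw TCP payload).
SAMPLE_FRAMES = [
    ("10.0.5.10", bytes.fromhex("000100000006010300000001")),    # read holding registers, engineering host
    ("10.0.5.10", bytes.fromhex("000200000006010600010bb8")),    # write register 1 = 3000, engineering host
    ("10.0.9.77", bytes.fromhex("00030000000601050000ff00")),    # force coil 0 ON from an unexpected host
    ("203.0.113.5", bytes.fromhex("000400000006010100000008")),  # read coils from outside the OT segments
    ("10.0.9.77", bytes.fromhex("0005000000ff0110")),            # bogus MBAP length field
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_FRAMES):
        print("ALERT", alert)
```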

The FBI Director, Chris Wray, warned about state-sponsored activity targeting multiple critical infrastructure sectors in an April speech [6]. In response, White House and Environmental Protection Agency officials urged state homeland security experts to submit plans to secure water and wastewater treatment facilities by May 20 [7].

The compromise of these systems is largely due to the use of insecure configurations, such as factory default weak passwords and a lack of multifactor authentication [8]. To mitigate this, agencies urge providers to immediately change to more complex passwords and implement multifactor authentication [8]. Technology vendors also need to help make industrial control systems more secure, so that users do not have to constantly change security settings [8].

Providers should take additional mitigation steps, including disconnecting human-machine interfaces from the public-facing internet and making backups of the engineering logic, configurations, and firmware to enable fast recovery [8]. Volt Typhoon, a state-linked group affiliated with the People's Republic of China, has also been active against the water sector, following months of threat activity targeting water and wastewater treatment facilities [9].

The Cybersecurity and Infrastructure Security Agency (CISA) issued a joint fact sheet with the FBI, National Security Agency, and multiple international agencies, urging providers to take immediate action [10]. The activity thus far has mainly involved hackers conducting nuisance activity, like manipulating human-machine interfaces [11]. However, the potential for more dangerous activities remains a significant concern.

[1] Source
[2] Source
[3] Source
[4] Source
[5] Source
[6] Source
[7] Source
[8] Source
[9] Source
[10] Source
[11] Source

  1. In the realm of finance and business, cybersecurity in the energy industry has become a significant concern due to the rising cyberattacks on operational technology systems.
  2. The escalating sophistication of these attacks includes the exploitation of protocols like Modbus and the use of zero-day vulnerabilities, potentially compromising water treatment plants, energy grids, and agricultural systems.
  3. Experts propose various measures to secure critical operational technology systems, such as enhancing monitoring, prioritizing patch management, segmenting networks, and implementing incident response strategies.
  4. The compromise of these systems often stems from insecure configurations, like weak passwords and a lack of multifactor authentication, with firms urged to adopt complex passwords and multifactor authentication.
  5. The potential danger goes beyond nuisance activities; the Cybersecurity and Infrastructure Security Agency has warned about the very real threat of state-sponsored groups like Volt Typhoon targeting the water sector.
  6. Concerns over cybersecurity in the sports betting industry may also arise, as the manipulation of human-machine interfaces demonstrates the potential for broader implications in various sectors, including personal finance, wealth management, and technology.
