A growing number of cyberattacks can be attributed to opportunistic threat actors, mostly hacktivist groups that are sympathetic to adversarial nation-states and highly motivated by current geopolitical events, according to new threat intelligence research conducted by Team82. While hacktivist groups often lack the skills and technical knowledge of advanced persistent threat (APT) groups, their alignment with geopolitical ideologies, paired with the sensitivity of their intended targets, makes them formidable.
Adding to the threat level from these groups is a fundamental shift in strategy. Team82 research shows that attackers are moving away from targeted attacks against specific entities, and instead are leveraging classes of internet-facing cyber-physical systems (CPS) assets to compromise at scale. Oftentimes, these breaches haven’t shown elaborate or expensive exploits, or even a thorough understanding of operational technology (OT). These attacks are finding success via brute-force methods against internet-facing devices that simply aren’t secured very well.
In the latest Team82 report, our research points to a noticeable rise in opportunistic attacks against U.S.- and EU-based critical infrastructure. Team82's research also found:
82% of attacks leveraging CPS have involved insecure protocols such as virtual network computing (VNC) and clients that support the protocol to remotely access exposed internet-facing assets
66% of incidents include the compromise of human-machine interface (HMI) or supervisory control and data acquisition (SCADA) systems that control industrial processes
The report also confirmed geopolitical motivations were high among these attackers. Team82 analyzed more than 200 verified CPS attacks, and of those:
81% of incidents carried out by Iran-affiliated groups were targeting the U.S. and Israel
71% of incidents carried out by Russia-affiliated groups were targeting mostly EU countries
The time is now to strengthen CPS security posture: retire legacy, insecure protocols; audit and remediate insecure connectivity of CPS assets to the internet; and understand the tactics, techniques, and procedures preferred by hacktivists targeting CPS.
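The audit step above, and the finding earlier in the post that most of these compromises ride on internet-facing VNC and similar protocols rather than on sophisticated exploits, can be turned into a repeatable check over an asset inventory. The following is an added example written for this post; it is not Team82 or Claroty tooling. It assumes a simple inventory record per asset (name, type, listening protocol, port, whether it is internet-facing, whether the service requires authentication), treats VNC plus a few well-known cleartext or unauthenticated protocols as legacy, and ranks findings so that internet-facing HMI/SCADA systems surface first. The inventory rows are constructed for illustration.

```python
"""Audit a CPS asset inventory for internet-exposed, insecure remote-access
and OT protocols. Added example, not Team82/Claroty code; the inventory
schema and the protocol list are assumptions made for this illustration."""
from dataclasses import dataclass
from typing import List, Optional

# Protocols this audit treats as legacy/insecure (assumption for the example;
# VNC is the one the report singles out).
INSECURE_PROTOCOLS = {
    "vnc": "remote desktop with weak or optional authentication",
    "telnet": "cleartext credentials",
    "ftp": "cleartext credentials",
    "modbus": "no authentication by design",
}

# Asset types that directly supervise or control an industrial process.
CONTROL_ASSETS = {"HMI", "SCADA"}

SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}


@dataclass
class Asset:
    name: str
    asset_type: str        # e.g. "HMI", "SCADA", "PLC", "historian"
    protocol: str          # service listening on the asset
    port: int
    internet_facing: bool  # reachable from the public internet
    auth_enabled: bool     # service requires authentication


@dataclass
class Finding:
    asset: str
    severity: str
    reason: str
    remediation: str


def assess(asset: Asset) -> Optional[Finding]:
    """Return a Finding if the asset speaks an insecure protocol, else None."""
    proto = asset.protocol.lower()
    if proto not in INSECURE_PROTOCOLS:
        return None
    weakness = INSECURE_PROTOCOLS[proto]
    controls_process = asset.asset_type.upper() in CONTROL_ASSETS

    # Exposure to the internet on a control system, or with no authentication
    # at all, is the combination the report describes being brute-forced.
    if asset.internet_facing and (controls_process or not asset.auth_enabled):
        severity = "critical"
        remediation = ("remove from the internet now; reach it only via VPN or "
                       "a jump host, then plan to retire %s" % proto)
    elif asset.internet_facing:
        severity = "high"
        remediation = "restrict to VPN/jump-host access; plan to retire %s" % proto
    elif not asset.auth_enabled:
        severity = "medium"
        remediation = "enable authentication or isolate the service in its own segment"
    else:
        severity = "low"
        remediation = "track for protocol retirement"

    reason = "%s on port %d (%s); internet-facing=%s, auth=%s" % (
        asset.protocol, asset.port, weakness, asset.internet_facing, asset.auth_enabled)
    return Finding(asset.name, severity, reason, remediation)


def audit(inventory: List[Asset]) -> List[Finding]:
    """Assess every asset and return findings, most severe first."""
    findings = [f for f in (assess(a) for a in inventory) if f is not None]
    findings.sort(key=lambda f: (SEVERITY_RANK[f.severity], f.asset))
    return findings


# Constructed sample inventory for the demonstration.
SAMPLE_INVENTORY = [
    Asset("hmi-pump-01", "HMI", "VNC", 5900, True, False),
    Asset("scada-master", "SCADA", "VNC", 5900, True, True),
    Asset("plc-line-3", "PLC", "Modbus", 502, False, False),
    Asset("historian-db", "historian", "HTTPS", 443, True, True),
    Asset("eng-ws-07", "workstation", "VNC", 5900, False, True),
]

if __name__ == "__main__":
    for f in audit(SAMPLE_INVENTORY):
        print("[%-8s] %s: %s\n    -> %s" % (f.severity.upper(), f.asset, f.reason, f.remediation))
```

Run against the sample rows, the two internet-facing VNC control systems come out as critical, the unauthenticated but internal Modbus PLC as medium, and the internal, authenticated VNC workstation as low; the HTTPS historian produces no finding. Swapping the constructed list for an export from a real inventory or passive-discovery tool is the only change needed to use it.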