CISA Warns of OT Attacks By Lower-Level Adversaries
In a new advisory, the agencies, including the Environmental Protection Agency and Department of Energy, said that they are seeing an uptick in the number of attacks against OT networks by non-APT teams.

CISA, the FBI and other federal agencies are warning enterprises and critical infrastructure operators about ongoing attacks against operational technology (OT) networks, not by the APT groups you might expect but by lower-level adversaries.
In a new advisory, the agencies, including the Environmental Protection Agency and Department of Energy, said that they are seeing an uptick in the number of attacks against OT networks by non-APT teams such as cybercrime groups. OT and critical infrastructure (CI) networks historically have not been frequent targets for cybercrime groups, mostly because those networks are made up of devices and protocols that aren’t typically seen on enterprise networks. Understanding the logical layout of OT networks can be a difficult and time-consuming task, and cybercrime groups aren’t known for their vast reserves of patience.
But a combination of factors has made these networks more attractive targets for a variety of adversaries. OT applications and devices often ship with default or hard-coded passwords that are easy to find, and those devices are often difficult to patch or upgrade.
“CISA is increasingly aware of unsophisticated cyber actor(s) targeting ICS/SCADA systems within U.S. critical infrastructure sectors (Oil and Natural Gas), specifically in Energy and Transportation Systems. Although these activities often include basic and elementary intrusion techniques, the presence of poor cyber hygiene and exposed assets can escalate these threats, leading to significant consequences such as defacement, configuration changes, operational disruptions and, in severe cases, physical damage,” the advisory says.
“Recent analysis of this cyber activity indicates that targeted systems use default or easily guessable (using open source tools) passwords. Changing default passwords is especially important for public-facing internet devices that have the capability to control OT systems or processes.”
To mitigate the threat of these attacks, CISA and the other agencies recommend the following actions:
- Remove OT devices from the internet
- Change default passwords to strong, unique passwords
- Separate OT networks from IT networks
- Secure remote access to all OT networks
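As an added illustration (not part of the advisory or this article), the following script audits a constructed OT asset inventory against the four recommendations above. The asset records, the IT/OT subnet assignments and the short default-credential list are all hypothetical sample data; a real audit would pull them from the site's inventory and the vendor's documented defaults.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample of well-known default credential pairs (hypothetical, not a vendor list).
DEFAULT_CREDENTIALS = {("admin", "admin"), ("admin", "1234"), ("root", "root"), ("admin", "")}
MIN_PASSWORD_LEN = 12

# Hypothetical site addressing plan: IT and OT must live in separate subnets.
IT_SUBNETS = [ipaddress.ip_network("10.10.0.0/16")]
OT_SUBNETS = [ipaddress.ip_network("10.20.0.0/16")]
# Remote-access methods considered acceptable for OT (assumption for this example).
SECURE_REMOTE_ACCESS = {"none", "vpn-mfa"}


@dataclass
class OtAsset:
    name: str
    ip: str
    username: str
    password: str
    remote_access: str  # e.g. "none", "vpn-mfa", "vnc-direct", "telnet"
    internet_exposed: bool  # true if reachable from the internet per the firewall/NAT config


def audit_asset(asset: OtAsset) -> list[str]:
    """Return the list of advisory recommendations this asset violates (empty if compliant)."""
    findings = []
    addr = ipaddress.ip_address(asset.ip)
    if asset.internet_exposed:  # Recommendation 1: remove OT devices from the internet
        findings.append("internet-exposed")
    cred = (asset.username, asset.password)  # Recommendation 2: no default/weak passwords
    if cred in DEFAULT_CREDENTIALS or len(asset.password) < MIN_PASSWORD_LEN:
        findings.append("default-or-weak-password")
    in_it = any(addr in net for net in IT_SUBNETS)  # Recommendation 3: OT separated from IT
    in_ot = any(addr in net for net in OT_SUBNETS)
    if in_it or not in_ot:
        findings.append("not-segmented-from-it")
    if asset.remote_access not in SECURE_REMOTE_ACCESS:  # Recommendation 4: secure remote access
        findings.append("insecure-remote-access")
    return findings


def audit_inventory(assets: list[OtAsset]) -> dict[str, list[str]]:
    return {asset.name: audit_asset(asset) for asset in assets}


# Constructed inventory: one badly exposed PLC, one HMI placed on the IT network, one compliant RTU.
SAMPLE_INVENTORY = [
    OtAsset("plc-01", "10.20.1.5", "admin", "admin", "vnc-direct", internet_exposed=True),
    OtAsset("hmi-02", "10.10.4.20", "operator", "Tr0ub4dor&3-long!", "vpn-mfa", internet_exposed=False),
    OtAsset("rtu-03", "10.20.7.9", "eng", "Correct-Horse-Battery-Staple-41", "none", internet_exposed=False),
]

if __name__ == "__main__":
    for name, findings in audit_inventory(SAMPLE_INVENTORY).items():
        print(f"{name}: {', '.join(findings) if findings else 'compliant'}")
```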