Why are there so many articles about PLCs on the Internet where they specifically say they're vulnerable to attacks from Iran?

Reply to Why are there so many articles about PLCs on the Internet where they specifically say they're vulnerable to attacks from Iran? on Tue, 14 Apr 2026 01:19:20 GMT

viss@mastodon.social — Tue, 14 Apr 2026 01:19:20 GMT

@tim_lavoie @da_667 @rootwyrm @cR0w @nerdpr0f with two exceptions, every medical professional ive ever met or known outside of a professional setting squarely puts the 'tech' of their clinic or hospital into the "someone elses problem" category. their position is it should be up to the 'tech people' to sort that shit out.

every hospital/clinic ive ever talked to refused to pay more than $5 for anything IT or security related. like they just outright refuse. completely. every time.

Reply to Why are there so many articles about PLCs on the Internet where they specifically say they're vulnerable to attacks from Iran? on Tue, 14 Apr 2026 00:00:21 GMT

tim_lavoie@cosocial.ca — Tue, 14 Apr 2026 00:00:21 GMT

@Viss @da_667 @rootwyrm @cR0w @nerdpr0f Have you ever tried to convince a doctor in a health care setting, that they actually have to log into things?

Reply to Why are there so many articles about PLCs on the Internet where they specifically say they're vulnerable to attacks from Iran? on Mon, 13 Apr 2026 23:24:11 GMT

bakachu@infosec.exchange — Mon, 13 Apr 2026 23:24:11 GMT

@Viss @da_667 @rootwyrm @cR0w @nerdpr0f ....buuuuut i'd then say something like 'oh ok and your CRO is going to sign off on that?'

Reply to Why are there so many articles about PLCs on the Internet where they specifically say they're vulnerable to attacks from Iran? on Mon, 13 Apr 2026 23:23:00 GMT

bakachu@infosec.exchange — Mon, 13 Apr 2026 23:23:00 GMT

@Viss @da_667 @rootwyrm @cR0w @nerdpr0f i'm at the point now where that kind of honesty is refreshing. even though it's still terrible.

Reply to Why are there so many articles about PLCs on the Internet where they specifically say they're vulnerable to attacks from Iran? on Mon, 13 Apr 2026 20:51:24 GMT

gsuberland@chaos.social — Mon, 13 Apr 2026 20:51:24 GMT

@cR0w @da_667 @nerdpr0f hell even when it's state actors they just pick the simple stuff. IGRC needed to make it hard to navigate when they ("allegedly") stuck a limpet mine to the side of that fuel tanker near the Strait of Hormuz a few years ago. did they use an RCE to get into the ship's OT network, then pivot to the ECDIS to lock out navigation assistance? of course not, they just used a cheap radio jammer to make them lose GPS lock.

Reply to Why are there so many articles about PLCs on the Internet where they specifically say they're vulnerable to attacks from Iran? on Mon, 13 Apr 2026 20:50:38 GMT

cr0w@infosec.exchange — Mon, 13 Apr 2026 20:50:38 GMT

@gsuberland @da_667 @nerdpr0f Ah, I gotcha. Yeah, people tend to think it's either an accident an actor made their way into OT space ( often is ) or they're targeting it and using whatever new mythical version of is discussed in the forums or Telegram channels or whatever.

Reply to Why are there so many articles about PLCs on the Internet where they specifically say they're vulnerable to attacks from Iran? on Mon, 13 Apr 2026 20:47:51 GMT

gsuberland@chaos.social — Mon, 13 Apr 2026 20:47:51 GMT

@cR0w @da_667 @nerdpr0f yeah point being it's overwhelmingly just regular IT stuff where the attackers aren't interested in the OT environments at all. and when they do want something novel, like on the ships, it's never sophisticated. just the most basic technique possible to get the result.

Reply to Why are there so many articles about PLCs on the Internet where they specifically say they're vulnerable to attacks from Iran? on Mon, 13 Apr 2026 20:44:56 GMT

cr0w@infosec.exchange — Mon, 13 Apr 2026 20:44:56 GMT

@gsuberland @da_667 @nerdpr0f I'm with you but you have to add the shitty firewall vulns in there in recent years too with ransomware and phishing.

Reply to Why are there so many articles about PLCs on the Internet where they specifically say they're vulnerable to attacks from Iran? on Mon, 13 Apr 2026 20:42:59 GMT

gsuberland@chaos.social — Mon, 13 Apr 2026 20:42:59 GMT

@da_667 @cR0w @nerdpr0f weather, wildlife, and human error. the movie scenarios of mass cyber attacks are nonsense. most of the "cyber" happening with ICS/SCADA environments comes down to regular ransomware shit and phishing. even in the marine sector the biggest threat was pirate groups sending fake emails claiming to be the coastguard or a port authority telling the captain to redirect into unprotected waters, so they could steal the vessel's fuel. it ain't sophisticated at all.

Reply to Why are there so many articles about PLCs on the Internet where they specifically say they're vulnerable to attacks from Iran? on Mon, 13 Apr 2026 19:49:39 GMT

multisn8@mastodon.catgirl.cloud — Mon, 13 Apr 2026 19:49:39 GMT

@nerdpr0f @cR0w "their heinious foreign hacking" vs "our glorious protective FISA"

Reply to Why are there so many articles about PLCs on the Internet where they specifically say they're vulnerable to attacks from Iran? on Mon, 13 Apr 2026 19:48:10 GMT

multisn8@mastodon.catgirl.cloud — Mon, 13 Apr 2026 19:48:10 GMT

@nerdpr0f @cR0w Figuring the same, causality could be the other way around. Iran takes up a lot of collective {mind,news}space right now, leaving writers to think "oh Damn what could They possibly Do to Our Sacred Infrastructure". The leap isn't far to grab the next best thing, it just turns out a general vulnerability is prone to abuse from Iranian hackers as well

Reply to Why are there so many articles about PLCs on the Internet where they specifically say they're vulnerable to attacks from Iran? on Mon, 13 Apr 2026 19:15:25 GMT

none@infosec.exchange — Mon, 13 Apr 2026 19:15:25 GMT

@Viss @da_667 @rootwyrm @cR0w @nerdpr0f mandatory plug of https://youtu.be/9IG3zqvUqJY

Reply to Why are there so many articles about PLCs on the Internet where they specifically say they're vulnerable to attacks from Iran? on Mon, 13 Apr 2026 18:59:02 GMT

cr0w@infosec.exchange — Mon, 13 Apr 2026 18:59:02 GMT

@da_667 @mttaggart @nerdpr0f

Reply to Why are there so many articles about PLCs on the Internet where they specifically say they're vulnerable to attacks from Iran? on Mon, 13 Apr 2026 18:58:15 GMT

viss@mastodon.social — Mon, 13 Apr 2026 18:58:15 GMT

@da_667 @rootwyrm @cR0w @nerdpr0f when i worked at sempra energy, one of the things i got to do was "vendor security reviews". that means doing assessments on shit rando business units wanted to buy or setup.

they would OPEN THE DISCUSSION with the phrase:

"tell me when youre done with your assessment, so we can file the risk acceptance forms".

meaning they had zero interest in the report, because they were gonna bypass it no matter what was in it

Reply to Why are there so many articles about PLCs on the Internet where they specifically say they're vulnerable to attacks from Iran? on Mon, 13 Apr 2026 18:56:50 GMT

da_667@infosec.exchange — Mon, 13 Apr 2026 18:56:50 GMT

@cR0w @mttaggart @nerdpr0f

CISAs haunted

"what"

grabs cyber shotgun

CISAs haunted.

Reply to Why are there so many articles about PLCs on the Internet where they specifically say they're vulnerable to attacks from Iran? on Mon, 13 Apr 2026 18:56:47 GMT

viss@mastodon.social — Mon, 13 Apr 2026 18:56:47 GMT

@da_667 @rootwyrm @cR0w @nerdpr0f

oh like target!
some hvac vendor came in and thats how they got all their registers infected.

yeah every time theres "big news"(tm) with nation state attackers everyone goes OH NO THEY CAN GO AFTER HYDRO AND POWER AND BANKS AND HOSPITALS

of course thats where they would go

all those verticals intentionally avoid security at nearly all cost all the time.

they're the lowest hanging fruit

Reply to Why are there so many articles about PLCs on the Internet where they specifically say they're vulnerable to attacks from Iran? on Mon, 13 Apr 2026 18:55:35 GMT

cr0w@infosec.exchange — Mon, 13 Apr 2026 18:55:35 GMT

@mttaggart @da_667 @nerdpr0f CISA appears to no longer be any more than three DOGE kids in a trenchcoat with a pile of cocaine. I don't expect citations from them anymore as I don't hardly trust them anymore. We can discuss some of that elsewhere when I get my brain in that mode, but there has been so much advice from CISA that appears to just be "Grok, search for Iran and rehash something to make it sound current and relevant."

Reply to Why are there so many articles about PLCs on the Internet where they specifically say they're vulnerable to attacks from Iran? on Mon, 13 Apr 2026 18:54:40 GMT

ryanb@infosec.exchange — Mon, 13 Apr 2026 18:54:40 GMT

@rootwyrm @da_667 @cR0w @nerdpr0f Seen it.

Reply to Why are there so many articles about PLCs on the Internet where they specifically say they're vulnerable to attacks from Iran? on Mon, 13 Apr 2026 18:52:59 GMT

cr0w@infosec.exchange — Mon, 13 Apr 2026 18:52:59 GMT

@da_667 @nerdpr0f RIP cybersquirrel1

Reply to Why are there so many articles about PLCs on the Internet where they specifically say they're vulnerable to attacks from Iran? on Mon, 13 Apr 2026 18:52:58 GMT

da_667@infosec.exchange — Mon, 13 Apr 2026 18:52:58 GMT

@rootwyrm @cR0w @nerdpr0f that's exactly what I was saying. I was a part of an IR engagement where a gas generation plant had to go into manual mode because the vendor infected their server 2003 cluster and fucked operations there for weeks.

Reply to Why are there so many articles about PLCs on the Internet where they specifically say they're vulnerable to attacks from Iran? on Mon, 13 Apr 2026 18:52:53 GMT

mttaggart@infosec.exchange — Mon, 13 Apr 2026 18:52:53 GMT

@da_667 @cR0w @nerdpr0f I mean I think the point was that this is a pattern observed in the past by specifically these actors, and that in this moment, it's worth reconsideration.

Now granted, CISA does not cite their sources, but the claim was this exploitation was happening anew. And if it was similar to the CyberAv3ngers situation, they wouldn't be shy about claiming credit.

Reply to Why are there so many articles about PLCs on the Internet where they specifically say they're vulnerable to attacks from Iran? on Mon, 13 Apr 2026 18:52:39 GMT

nerdpr0f@infosec.exchange — Mon, 13 Apr 2026 18:52:39 GMT

@rootwyrm @da_667 @cR0w Don't forget bad third party dependencies.

Reply to Why are there so many articles about PLCs on the Internet where they specifically say they're vulnerable to attacks from Iran? on Mon, 13 Apr 2026 18:52:13 GMT

rootwyrm@weird.autos — Mon, 13 Apr 2026 18:52:13 GMT

@da_667 @cR0w @nerdpr0f hey now, sometimes the vendors of the equipment attached to the PLC are the ones who bring in the infected shit.

Reply to Why are there so many articles about PLCs on the Internet where they specifically say they're vulnerable to attacks from Iran? on Mon, 13 Apr 2026 18:52:03 GMT

da_667@infosec.exchange — Mon, 13 Apr 2026 18:52:03 GMT

@cR0w @nerdpr0f even more important than that for power generation and distribution, it was the wildlife and the climate that was a bigger threat than any of those things.