Cybernetic Global Intelligence’s advisory warns of growing pro-Russia hacktivist activity targeting critical infrastructure. Named groups include Cyber Army of Russia Reborn (CARR), NoName057(16), Z-Pentest and Sector16. Their primary entry point is internet-exposed Virtual Network Computing (VNC) on HMI systems, compromised via password spraying or default credentials. Documented impacts include operator lockout, setpoint manipulation, alarm suppression, “loss of view” conditions, device restarts or shutdowns, operational downtime, remediation costs, and heightened safety risk for community services.
Targeted sectors include water and wastewater, ports, food and agriculture, energy, telecommunications and aviation, with victims reported in the United States and elsewhere. The advisory also notes that attackers may exaggerate claims for publicity, so verification and communications discipline matter. For Australian OT owners and operators, priorities are to scan for exposed VNC, reduce OT internet exposure (VPN/firewalls and time-limited access), segment IT and OT networks, enforce MFA or strong credential standards, and strengthen monitoring, logging, backups and manual-operation plans. Establish safe baselines for setpoints, and alert on deviations. If compromise is suspected, isolate affected hosts, conduct threat hunting, reimage systems, rotate credentials, and follow reporting requirements.
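One way to implement the setpoint-baseline check listed among the priorities above, shown as an added example that is not taken from the advisory. The tag names, safe ranges, step limits, event format and the "vnc"/"local" session labels are all constructed assumptions; substitute the fields your HMI or historian audit log actually provides.

```python
from dataclasses import dataclass

# Constructed baseline: tag names, limits and step sizes are illustrative
# assumptions, not values from the advisory.
@dataclass(frozen=True)
class Baseline:
    low: float        # lowest safe setpoint
    high: float       # highest safe setpoint
    max_step: float   # largest single change considered normal

BASELINES = {
    "chlorine_dose_mg_l": Baseline(0.5, 2.0, 0.3),
    "pump1_speed_pct": Baseline(30.0, 90.0, 15.0),
}

# Constructed HMI audit events: (timestamp, tag, old value, new value, session)
EVENTS = [
    ("2025-01-10T02:14:05", "chlorine_dose_mg_l", 1.2, 1.4, "local"),
    ("2025-01-10T02:15:40", "chlorine_dose_mg_l", 1.4, 4.0, "vnc"),
    ("2025-01-10T02:16:02", "pump1_speed_pct", 60.0, 85.0, "vnc"),
    ("2025-01-10T02:17:30", "tank_level_alarm_hi", 95.0, 100.0, "vnc"),
]

def check_event(event, baselines=BASELINES):
    """Return the list of reasons this setpoint change deviates from baseline."""
    _ts, tag, old, new, session = event
    base = baselines.get(tag)
    if base is None:
        # A tag with no baseline cannot be judged safe, so surface it.
        return ["no baseline defined for tag"]
    reasons = []
    if not base.low <= new <= base.high:
        reasons.append(f"value {new} outside safe range {base.low}-{base.high}")
    if abs(new - old) > base.max_step:
        reasons.append(f"step {abs(new - old):.2f} exceeds max {base.max_step}")
    if reasons and session != "local":
        reasons.append(f"change made over remote session '{session}'")
    return reasons

def find_deviations(events, baselines=BASELINES):
    """Return (event, reasons) pairs for every event that needs an alert."""
    alerts = []
    for event in events:
        reasons = check_event(event, baselines)
        if reasons:
            alerts.append((event, reasons))
    return alerts

if __name__ == "__main__":
    for (ts, tag, *_), reasons in find_deviations(EVENTS):
        print(f"ALERT {ts} {tag}: " + "; ".join(reasons))
```

Tags without a baseline are reported instead of being skipped, so a changed alarm threshold that nobody baselined still produces an alert.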
Read the full PDF advisory and apply the 30/60/90-day checklist.