Filtered. Actionable. No vendor noise. We find what everyone else misses — counting internet-facing industrial devices, tracking state actors, and publishing original research. 53% of reported exposure is cloud infrastructure. We filter the cloud noise and report what's real.
We find the one thing everyone else missed
Not merely "devices that respond."; protocol analysis suggests these devices can receive commands. Modbus Function Codes 5/6/15/16. S7COMM write operations. CIP tag manipulation. We counted remote control capability, not generic "exposure."
53% of reported ICS devices are Aliyun scanners, Fly.io test VMs, and cloud infrastructure. IEC 104: 77% noise. S7COMM: 63% noise. We filter cloud providers and report real infrastructure.
Zero IPs run multiple ICS protocols. Perfect isolation. This invalidates common lateral movement assumptions. We found patterns Dragos, Nozomi, and Claroty don't discuss.
State actors targeting internet-facing industrial systems
What we found that nobody else published
First comprehensive analysis filtering cloud honeypots from ICS exposure data. 53% of reported devices are scanners. Real attack surface: 1.176M, not 2.5M.
Threat actors compromise OT forums and vendor portals to target engineers. Pattern analysis reveals watering hole risks. Defensive measures for industrial defenders.
Documented case of ransomware run entirely by AI agent. No human operator. Implications for OT environments and critical infrastructure defense.
Research-grade tools. No vendor noise, no login wall.
Shodan-powered ICS device discovery. Find internet-facing Modbus, S7, DNP3 devices across global infrastructure. Real exposure, filtered cloud noise.
Launch Tool →21-source threat intelligence pipeline. Daily digests, surge detection, defanged advisories. What Dragos, CISA, and independent researchers are flagging.
View Dispatches →Quick search for ICS/OT CVEs. Filter by severity, vendor, protocol. Know what matters before it matters.
Try Prototype →Get OT threat intelligence digests delivered. No spam. Unsubscribe anytime.