Breaking Research

Independent OT/ICS
Threat Intelligence

Filtered. Actionable. No vendor noise. We find what everyone else misses — counting internet-facing industrial devices, tracking state actors, and publishing original research. 53% of reported exposure is cloud infrastructure. We filter the cloud noise and report what's real.

5
Protocols Tracked
53%
Cloud Noise Filtered
0%
Multi-Protocol
100%
Unauthenticated

Sniper Methodology: We Don't Count Everything

We find the one thing everyone else missed

🎯 Write-Capable Analysis

Not merely "devices that respond."; protocol analysis suggests these devices can receive commands. Modbus Function Codes 5/6/15/16. S7COMM write operations. CIP tag manipulation. We counted remote control capability, not generic "exposure."

🔍 Cloud Noise Filtering

53% of reported ICS devices are Aliyun scanners, Fly.io test VMs, and cloud infrastructure. IEC 104: 77% noise. S7COMM: 63% noise. We filter cloud providers and report real infrastructure.

🧬 Protocol-Level Patterns

Zero IPs run multiple ICS protocols. Perfect isolation. This invalidates common lateral movement assumptions. We found patterns Dragos, Nozomi, and Claroty don't discuss.

Active Threat Landscape

State actors targeting internet-facing industrial systems

OT Threat Digest

Updated daily
2 CRITICAL 5 HIGH 8 MEDIUM 7 INFO
CISA Issues Emergency Directive for Unpatched PLC Vulnerability
CISA has issued an emergency cybersecurity directive for all federal agencies after discovering critical vulnerabilities in widely deployed PLCs...
CISA ICS CRITICAL
Nation‑State Actors Exploit SCADA Protocol Flaws in Critical Infrastructure
APT groups exploiting unauthenticated SCADA protocol implementations to gain remote access to water treatment and power grid systems...
Industrial Cyber CRITICAL
Zero‑Day Exploit in Industrial Firmware Puts Nuclear Plants at Risk
Critical zero‑day vulnerability in industrial controller firmware; proof‑of‑concept exploit code now circulating...
SecurityWeek HIGH
Water Utility Ransomware Attack Disrupts Services in Three US States
Coordinated ransomware attack disrupted water treatment across three states, affecting critical infrastructure...
CyberScoop HIGH
Modbus TCP: Unauthenticated Access to Industrial Control Networks
Analysis of five critical ICS protocols reveals systematic lack of authentication across exposed infrastructure...
Industrial Cyber HIGH
Dragos Report: Energy Sector Top Target for State‑Sponsored OT Attacks
Latest assessment shows energy sector remains most targeted vertical for state‑sponsored OT attacks...
SecurityWeek HIGH
IEC 62443 Standard Updated for Remote Access Security
OT cybersecurity standard updated to include requirements for securing remote access engineering workstations...
BleepingComputer MEDIUM
Critical CVE in Siemens S7‑1200 PLCs Under Active Exploitation
Critical vulnerability in Siemens S7‑1200 PLCs being actively exploited; allows remote code execution...
BleepingComputer MEDIUM

Original Research

What we found that nobody else published

Industrial Control Systems on the Open Internet: A Threat Intelligence Analysis

First comprehensive analysis filtering cloud honeypots from ICS exposure data. 53% of reported devices are scanners. Real attack surface: 1.176M, not 2.5M.

OT Watering Hole Attacks: How Threat Actors Target ICS Communities

Threat actors compromise OT forums and vendor portals to target engineers. Pattern analysis reveals watering hole risks. Defensive measures for industrial defenders.

JadePuffer: First Fully Autonomous AI Ransomware

Documented case of ransomware run entirely by AI agent. No human operator. Implications for OT environments and critical infrastructure defense.

Free OT Security Tools

Research-grade tools. No vendor noise, no login wall.

🛠

LOT-Squatch — OT Exposure Hunter

Shodan-powered ICS device discovery. Find internet-facing Modbus, S7, DNP3 devices across global infrastructure. Real exposure, filtered cloud noise.

Launch Tool →
🔎

Threat Radar — OT Intelligence Dispatch

21-source threat intelligence pipeline. Daily digests, surge detection, defanged advisories. What Dragos, CISA, and independent researchers are flagging.

View Dispatches →
🔬

CVE Lookup — ICS Vulnerability Search

Quick search for ICS/OT CVEs. Filter by severity, vendor, protocol. Know what matters before it matters.

Try Prototype →