Claroty Flags Escalating Geopolitical Cyber Attacks on Industrial Control Systems

New updates have been reported about Claroty.

Claroty is warning that cyber-physical systems have become a preferred target for politically and socially motivated hackers, based on new research from its Team82 unit covering more than 200 attacks over 12 months. The report, focused on exposed internet-facing assets, shows that 82% of incidents involved remote access through VNC clients and that 66% compromised HMI or SCADA systems controlling real-time industrial processes.

Team82 links most of these drive-by attacks to Russia- and Iran-affiliated groups, with 81% of Iran-linked activity aimed at organizations in the U.S. and Israel and 71% of Russia-linked incidents targeting European Union entities, especially in Italy, France, and Spain. Claroty’s CTO and head of Team82, Amir Preminger, said the trend represents a major escalation against critical sectors such as manufacturing, water and waste, power generation, and healthcare, underscoring the business risk of service disruption, physical damage, and safety impacts.

The research highlights that many of the attacks are low-tech and do not rely on sophisticated vulnerabilities, instead exploiting misconfigured, exposed devices and insecure-by-design protocols like VNC and Modbus. Claroty positions this threat pattern as a structural security gap in CPS environments, where default credentials, weak configurations, and unmanaged connectivity expose operational technology, connected smart devices, and internet of medical things assets.

For asset owners and operators, Claroty’s findings translate into an urgent need to harden internet-facing CPS assets, replace default credentials, upgrade to secure protocols, and adopt continuous exposure management tuned to operational networks. The four-stage research methodology—Source Mapping, Continuous Monitoring, Verification, and Attack Analysis—was designed to filter out routine cybercrime and focus strictly on verified CPS incidents, reinforcing Claroty’s role as a specialist in this niche.

Strategically, the report reinforces demand for Claroty’s CPS-focused platform spanning exposure management, network protection, secure access, and threat detection delivered via its xDome cloud offering and on-premise Continuous Threat Detection. As geopolitical tensions persist in regions such as the Middle East and the Russia–Ukraine theater, Claroty is likely to see growing engagement from critical infrastructure operators seeking faster time-to-value and lower total cost of ownership in securing thousands of industrial sites globally.

Preminger’s call for eliminating “lax cybersecurity practices” around CPS suggests Claroty will continue to anchor its market positioning on research-driven insights and industry-centric security architectures. For executives overseeing industrial operations, the report signals that CPS risks are no longer hypothetical but are being actively exploited at scale, making investment in specialized CPS protection a near-term operational and reputational imperative.
