A LinkedIn post from Cato Networks describes findings from the company’s threat researchers on a global campaign targeting internet-exposed programmable logic controllers via the Modbus protocol between September and November 2025. According to the post, the activity reportedly affected 70 countries and involved probing of 14,426 IP addresses, with indications of automated scanning and more advanced fingerprinting and disruption attempts.
Claim 55% Off TipRanks
- Unlock hedge fund-level data and powerful investing tools for smarter, sharper decisions
- Discover top-performing stock ideas and upgrade to a portfolio of market leaders with Smart Investor Picks
The post suggests that some of the observed sources were geolocated to China and that certain actions pointed to potential manipulation paths for industrial devices. It emphasizes that exposing Modbus services directly to the public internet materially increases operational risk and the likelihood of attacks, underscoring the cybersecurity challenges facing industrial and operational technology environments.
For investors, this content highlights ongoing demand drivers for industrial and network security solutions, particularly in sectors relying on PLCs and critical infrastructure. The post may indicate Cato Networks’ focus on threat research and visibility into industrial attack surfaces, which could support the company’s positioning in secure networking and threat prevention markets as cyber risks continue to escalate globally.