版权说明:本文档由用户提供并上传,收益归属内容提供方,若内容存在侵权,请进行举报或认领
文档简介
OPERATIONALTECHNOLOGY
THREATREPORT
November2025
Presentedby
2OperationalTechnologyThreatReport,October2025
EXECUTIVESUMMARY
FromApril1toSeptember30,2025,operational
technology(OT)andindustrialcontrolsystems(ICS)
facedunprecedentedthreatsfromsophisticated
adversaries.Trellixtelemetrydetected272,512OT/ICS-relatedthreatsacross572uniquecustomers,while333ransomwareattacksspecificallytargetedcriticalinfrastructuresectors.
Thethreatlandscaperevealscoordinatedcampaignsbystate-sponsoredactorsandransomwaregroups,withthemanufacturing,transportationandshipping,utilities,andenergy/oilandgassectorsbearingthe
highestrisk.NotablethreatactorsincludeSandwormTeam,Qilinransomware,andspecializedgroupslikeTEMP.Velestargetingsafetysystems.
3OperationalTechnologyThreatReport,October2025
OTTHREATLANDSCAPEOVERVIEW
TheglobalOTthreatenvironmenthasintensifiedsignificantly,
drivenbygeopoliticaltensionsandtheincreasingdigitizationofindustrialsystems.State-sponsoredactorsfromRussia,Iran,andNorthKoreahave
expandedtheirtargetingofcriticalinfrastructure,whileransomwaregroupshavedevelopedspecializedcapabilitiesforOTenvironments.
Manufacturingemergedastheprimarytarget,representing41.5%ofall
detections.Thisconcentrationreflectsthesector’scriticalroleinglobal
supplychainsandofteninadequateOTsecuritymeasures.Transportationandshippingrankedsecondindetectionswith27.6%,andtheutilities,
ThisbreakdownrepresentsthreatsdetectedprimarilywithinIT
energy/oilandgas,andaerospaceanddefenseindustriesaccountedforacombined21.5%ofdetections.
PRIMARYOT/ICSINDUSTRYTARGETS(APRIL1–SEPTEMBER30,2025)
ManufacturingIndustrial
Transportation&ShippingProcessManufacturing
UtilitiesAutomotive
Energy/Oil&GasOther
Aerospace&Defense
OT/ICSIndustrySectors
41.5%
27.6%
8.9%
7.0%
5.6%
2.4%
2.2%
1.3%
3.5%
01020304050
PercentageofDetections
infrastructureoforganizationsoperatinginOT/ICSindustries,ratherthandetectionsfromOTenvironmentsthemselves.Thesedetectionsacrossemail(55.6%),networkperimeter(25.4%),andendpoint(18.5%)environmentsprovidecriticalvisibilityintothreatstargetingindustrialsectors,asITcompromiseoftenservesastheprimaryentrypointforattacksthatcanimpactconnectedOTsystems.
4OperationalTechnologyThreatReport,October2025
Geopoliticalfactorssignificantlyinfluencedtargetingpatterns.Russian-
linkedgroupsfocusedonUkrainianenergyinfrastructure,whileIranian
actorsconcentratedonregionalpetrochemicalfacilities.Theongoing
conflictinUkrainehasacceleratedtheweaponizationofcybercapabilitiesagainstindustrialsystems.
THREATACTORACTIVITY
SandwormTeam(Russia,GRUUnit74455)
Profile
SandwormTeam,alsoknownasBlackEnergy,VoodooBear,orIronViking,
remainsoneofthemostaggressiveandcapablestate-sponsoredthreatactorstargetingOTenvironments.OperatedbyRussia’sGRUMainCenterforSpecialTechnologies(GTsST,Unit74455),Sandwormhasspecializedincyber-physicaldisruptionaspartofRussia’shybridwarfarestrategy.
ActivityandTactics
Between2022and2025,Sandwormdominatedindustrialthreattelemetry,
responsiblefornearlyathirdofobservedOT-relatedintrusions.TheycontinuedsystematiccampaignsagainstUkrainianenergy,telecommunications,and
governmentnetworks,deployingIndustroyer2todisruptpowersubstations,andmultipledestructivewipers—CaddyWiper,NikoWiper,andORCSHRED—toerasesystemdataandimpederestorationefforts.Theiroperationsoften
coincidewithkineticmilitaryactions,suggestingcoordinationbetweencyberandconventionalwarfare.
ImpactandOutlook
Sandworm’scampaignshavedemonstratedarepeatable,modularattackmodelfortargetingICSes,positioningthemasthebenchmarkfornation-state-levelOTthreats.Thegroup’spersistentevolutionofwiperfamilies
andexploitationofbothITandOTprotocolsindicatesongoingR&D
investment.Theiractivityreinforcestheneedforresilience-baseddefense,rapidsystemrestoration,offlinebackups,andout-of-bandcommunicationinconflict-proneregions.
TEMP.Veles/XENOTIME(Russia-linked,SafetySystemsFocus)
Profile
TEMP.Veles,alsotrackedasXENOTIME,isanelite,possiblyRussian-linkedactorbehindtheTRITON(alsoknownasTRISISorHatMan)malware.Theyspecializeincompromisingsafetyinstrumentedsystems(SIS),specificallytheTriconexcontrollersusedtopreventcatastrophicfailuresinindustrialplants.
ActivityandTactics
Theirhallmarkintrusion,againstaSaudiArabianpetrochemicalfacilityin
2017,aimedtoreprogramsafetycontrollerstocausephysicaldamageorlossoflife.Sincethen,TEMP.Veleshasbeenobservedconductingreconnaissanceandpersistenceoperationsinenergyandchemicalfacilitiesworldwide.Theyexploitengineeringworkstationsandsystemintegrators’credentialstomovelaterallyintoOTenvironments.TheiroperationsinvolvemultistageintrusionsblendingITexploitationwithOTprotocolmanipulation,demonstratingdeepprocessunderstanding.
5OperationalTechnologyThreatReport,October2025
ImpactandOutlook
TEMP.Veles/XENOTIMEremainsthemosttechnicallyadvancedOT
adversaryknown,beingtheonlyactortodirectlyattempttosubvertsafetysystems.Theirongoingreconnaissanceactivitysuggestsintenttomaintaincontingencyaccessforpotentialfuturesabotage.Fordefenders,thisgroupunderscorestheimportanceofmonitoringsafetynetworksseparately,
auditingSISfirmwareintegrity,andisolatingengineeringworkstationswithstrictchangecontrol.
QilinRansomwareGroup(Cybercriminal,OT-targetingAffiliateNetwork)
Profile
Qilin(alsoknownasAgenda)representsthenewgenerationofransomware-as-a-service(RaaS)operationsexplicitlyextendingintoindustrial
environments.Whilefinanciallymotivated,theiroperationsincreasinglyexhibitknowledgeofindustrialdependencies,particularlyinenergydistributionandwatertreatmentsectors.
ActivityandTactics
Frommid-2024through2025,Qilinledallransomwareactivityagainst
industrialentities,with63confirmedattacks,includingagainstUganda
ElectricityTransmissionCompanyandseveralwaterutilitiesacrossEurope
andAsia.Theyoftendeploydual-usepayloadscapableofdisruptingbothIT
andOTnetworksbyencryptingsharedengineeringresources,configurationservers,andhistoriansystems.Qilin’suseofAgendaransomwarevariantswithWindowsandLinuxpayloadsallowscross-platformexecutionwithinmixed
environments.RecentlyQilinhasclaimedresponsibilityfortheattackagainsttheAsahibreweryinJapan.
ImpactandOutlook
QilinexemplifiestheblurringofcriminalandOT-focusedthreats,leveraging
ransomwareasbothextortionanddisruptiontools.Theirsuccessunderscoreshowransomwareoperatorsarelearningtoexploitavailability-sensitive
environmentsformaximumleverage.Continuedcross-sectorcollaborationandsharedtelemetrybetweenITSOCsandOTdefendersareessentialtocountertheirexpandingreach.
APT33andAPT34(Iran,OilandGasEspionageandSabotage)
Profile
APT33(Elfin)andAPT34(OilRig)areIranianstate-linkedgroupsactivesince
themid-2010s,bothheavilyfocusedontheenergysectorandregionalrivalsintheGulf.Initiallyknownforcyberespionageandcredentialharvesting,bothgroupshavegraduallyadopteddestructivecomponentsintheiroperations.
ActivityandTactics
APT33hastargetedaviation,petrochemical,andmanufacturingnetworks
toexfiltrateintellectualpropertyandcredentialsforfollow-onaccess.APT34maintainspersistentfootholdsinenergyandgovernmentenvironments
throughphishingandexploitationofweb-facinginfrastructure.Inlater
campaigns,bothgroupsdeployedShamoonandZeroClearewiperstocausedatalossanddowntime.Theirtoolingsuggestsincreasingmaturityand
partialconvergenceintradecraft,withsharedinfrastructureandoverlappingobjectives.MoredetailsontheIraniancybercapabilitiescanbefoundinourpublicresearch.
6OperationalTechnologyThreatReport,October2025
ImpactandOutlook
Iranianoperationshaveevolvedfromopportunisticespionagetostrategiccybercoercion,oftentimedwithgeopoliticaltensions.Thedual-usenatureoftheircampaigns—espionagefollowedbydestruction—makesthem
particularlychallengingtodefendagainst.Enhancedidentitymanagement,networksegmentation,andendpointtelemetryinOTDMZsremaincriticalmitigationlayersfororganizationsintheenergysector.
RecentCampaigns(2025Focus)
•PathWiper(Ukraine,June2025):Adestructivecampaign
targetingUkrainianenergyoperators,possiblylinkedto
Sandworm,designedtomimicransomwarewhilepermanentlyerasingdata.ItreinforcesRussia’scontinueduseofpseudo-
ransomwaretomaskpoliticallymotivatedsabotage.
•BlueLocker(Pakistan,2025):Ransomwareincidentsaffecting
Pakistan’soilandgascompanies.Theoperatorsblendedcriminalandgeopoliticalmotives,leveragingaccessthroughlocalvendorsandexposingthefragilityofthird-partyOTserviceecosystems.
•StaticTundra(Global,2025):AcampaignexploitingunpatchedCiscoIOSvulnerabilitiestogainaccesstotelecommunicationsandmanufacturingnetworks.Believedtobeanadvanced
persistentactorusingcompromisednetworkequipmentasstagingpointsforlateralmovementintoOTsegments.
StrategicContext
From2020to2025,theOTthreatlandscapeshiftedfromisolated,state-
linkeddisruptionstoaconvergedecosystemofstateandcriminalactorswithoverlappingmethodsandtargets.StategroupssuchasSandwormTeam
andTEMP.Velespursuestrategicdisruption,whilehybridandransomware
groupslikeQilinexploitthesamepathwaysforprofit.Therecurringthemes—compromisedremoteaccess,supplychainabuse,anddestructivemalwaredisguisedasransomware—highlighttheurgencyofintegratingthreat
intelligence,OTnetworkvisibility,andsupplieraccountabilityintocriticalinfrastructuredefensemodels.
7OperationalTechnologyThreatReport,October2025
TACTICS,TECHNIQUES,PROCEDURES(TTPS)
ThemostprevalentattacktechniquestargettheIT-to-OTboundary,exploitinginsufficientnetworksegmentation.PowerShellemergedastheprimaryattackvector(96,061detections),followedbyCobaltStrike(85,986detections)for
post-exploitationactivities.
MITREATT&CKforICSMapping
•T1046–NetworkServiceScanning:Industrialprotocoldiscovery
•T1021.002–SMB/WindowsAdminShares:Lateralmovementtoengineeringworkstations
•T1078–ValidAccounts:Compromisedengineeringcredentials
•T1485–DataDestruction:Processdataandsafetysystemtargeting
•T1489–ServiceStop:Safetysystemmanipulation
IT-to-OTpivotingoccursthroughcompromisedengineeringworkstations,
sharedcredentials,andexploitationofremote-accesssolutions.Attackers
leveragelegitimateindustrialprotocols(Modbus,DNP3,IEC61850)toblendmaliciouscommandswithnormaloperations,makingdetectionchallenging.
AdvancedgroupsdeployspecializedtoolslikeIndustroyerfordirectcontrol
ofelectricitysubstationswitchesandTRITONforsafetysystemmanipulation.ThesecapabilitiesrepresentasignificantescalationfromtraditionalIT-focusedattackstooperationscapableofcausingphysicaldamage.
VULNERABILITYANDEXPOSUREINSIGHTS
Legacyindustrialprotocolsremaintheprimaryattacksurface,withModbus,DNP3,andproprietarySCADAprotocolslackinginherentsecurityfeatures.
Human-machineinterfaces(HMIs)andengineeringworkstationsfrequentlyserveaspivotpointsduetodualIT/OTnetworkconnectivity.Toframethe
operationalhierarchy,thisreportreferencestheISA-95/PurdueModel,
whereLevel4/3encompassesEnterpriseandManufacturingOperations
Management(MES)systems,Level2includesSupervisoryControl(HMIsandSCADA),andLevel1/0coversthephysicalcontrollersandsensors(PLCs).
Programmablelogiccontrollers(PLCs)faceincreasingtargeting,particularlySchneiderElectricTriconexsystems(TRITONattacks)andSiemenscontrollers.Remote-accesssolutions,includingVPNsandremotedesktopprotocols,
provideinitialaccessvectorswhenimproperlysecured.
Vendorresponsetimesvarysignificantly,withcriticalOTvulnerabilitiesoftenrequiringextendedpatchingcyclesduetooperationalconstraints.
TheaveragetimefromvulnerabilitydisclosuretopatchdeploymentinOTenvironmentsexceeds180days,comparedto30daysfortraditional
ITsystems.
8OperationalTechnologyThreatReport,October2025
ThemostsignificanttrenddefiningthecurrentOTthreatlandscapeisthe
strategicfocusontheIT/OTboundary.Threatactors,recognizingtheinherentdifficultiesandhighvisibilityrisksofdirectlytargetinglow-levelcontrollers,
areinsteadprioritizingthecompromiseofLevel3andLevel4systemsthatbridgethenetworks.
TheseboundarydevicesandindustrialsoftwareplatformsofferaneasierandmorescalableentrypointthroughcommonIT-likevulnerabilities(suchasRCEinremote-accesstoolsandenterpriseapplications)butyieldhighlykineticOToutcomes—namely,theabilitytomanipulateproductiondata,disablesafetycontrols,orforcewidespreaddisruptionacrossthecontrolplane.Thisdynamicmeansthatperimeterdefenseisnowmorecriticalthaneverformaintainingoperationalintegrity.
ThespecificCVEexamplesdetailedbelowareintendednotasanexhaustivelist,butratherasrepresentativecasesofthehigh-impactvulnerabilities
disclosedandactivelyexploitedduringtheQ2andQ32025period.Theseinstancescollectivelyillustratetheshiftingfocusofmodernthreatactorstowardstrategicpivotpointswithintheindustrialecosystem.
1.ExploitationinPerimeterandRemote-accessDevices
Criticalnetworkinfrastructuredevices—whicharefrequentlyusedtosegmentorprovideremoteaccessintoOTnetworks—wereunderconstantattack.
Exploitingtheseflawsprovidesunauthenticated,root-levelaccesstotheinternalnetwork.
•CiscoASA/FTDZero-DayCampaign(CVE-2025-20333&CVE-2025-
20362):Astate-sponsoredthreatactor,linkedtothe“ArcaneDoor”
activity,activelyexploitedachainofzero-dayvulnerabilitiesinCisco
ASAandFirepowerThreatDefense(FTD)devicesinQ32025.This
campaignprovidedunauthenticatedaccessandremotecodeexecution(RCE)onthefirewallsthemselves,withattackersevenmodifyingthe
devices’firmware(ROMMON)forpersistenceacrossreboots.
OTRiskConnection:Thesedevicesformthenetworkboundary;
compromisingthemmeanstheprimarysegmentationdefenseiscompletelynullified,grantingtheattackerunfetteredaccesstoOTnetworksegmentsforlateralmovementandreconnaissance.Thistranslatesdirectlytolossofnetworkdefense.
•Erlang/OTPSSHRCE(CVE-2025-32433):Thisflaw(CVSS10.0)in
theErlangSSHlibrary—foundinmanynetworkingcomponentsandOT
appliances—allowedanunauthenticatedremoteattackertoexecutecode.ExploitationattemptswereobservedinQ22025targetingexposedports.
OTRiskConnection:ManyhardenedLinux-basedcontrolservers,data
historians,andcommunicationgatewaysinOTenvironmentsrelyon
Erlang/OTPformanagementinterfaces.AnunauthenticatedRCEonthesesystemsprovidesahigh-privilegefootholdinsidethecontrolnetwork,
leadingtopotentiallossofview(tamperingwithhistoriandata)oranimmediatepivotpoint.
9OperationalTechnologyThreatReport,October2025
2.CompromiseofIT-integratedIndustrialSoftware
Vulnerabilitiesinsoftwarethatlinksbusinesssystems(ERP)to
manufacturingprocesses(MES)serveashigh-privilegepivotpointsintothecoreOTenvironment.
•SAPNetWeaverRCEChain(CVE-2025-31324&CVE-2025-42999):ThispairofcriticalvulnerabilitiesinSAPNetWeaver’sVisualComposerwasactivelyexploitedbymultipleransomwareandespionagegroups
(includingQilinandBianLian)throughoutQ22025.
OTRiskConnection:SAPNetWeaveristheprimarysourceforproductionscheduling,billofmaterials(BOM),andqualitycontroldatafeddirectly
intomanufacturingexecutionsystems(MES).Compromisingthisplatformallowsactorstosubtlypoisonordisruptthecoreproductiondata,
potentiallycausingbatcherrors,qualityfailures,orunexpectedoperationalhalts(lossofintegrityandcontrol).
•DassaultDELMIAAprisoRCE(CVE-2025-5086):ThiscriticalRCEflawintheDELMIAAprisoManufacturingOperationsManagement(MOM)
softwarewasaddedtotheCISAKEVcataloginQ32025duetoconfirmedexploitationinthewild.
OTRiskConnection:AsanMES/MOMplatform,Aprisoorchestratestheentirefactoryfloor,trackingassets,labor,andprocessflow.RCEon
thisservermeansanattackergainscontroloverthesystemthatdrivestheindustrialworkflow,leadingtolossofvisibility(spoofingproduction
reports)andthepotentialtoissuemaliciouscommandstocontrolsystems(lossofcontrol).
3.High-riskDirectOTDeviceDisclosures
Thesecriticalflawstargetthecontrollersthemselves,representingthe
inherentriskinvendorproductlinesandthelong-termthreatofunpatchableOTinfrastructure.
•RockwellControlLogixRCE(CVE-2025-7353):AcriticalvulnerabilityinControlLogixEthernetmodulesallowsanunauthenticatedattackerto
gainRCEbyleveraginganunintendedweb-baseddebuggerendpoint.OTRiskConnection:TheEthernetmoduleisthecommunicationsspineofthePLCchassis.GainingRCEheremeansanattackercantamperwithorhaltcommunicationstotheprocessor,facilitatingtheinjection
ofmaliciouslogicordisablingsafetyfunctionalitywithouttheneedforengineeringcredentials.
•RockwellDoSFlaws(CVE-2025-24478&CVE-2025-9166):Multiplehigh-severityflawsthatallowanunauthenticated,remoteattackertotriggeramajornon-recoverablefault(MNRF)oradenialofservice(DoS)conditiononGuardLogixandControlLogixPLCs.
OTRiskConnection:Thisdirectlycompromisesavailability,forcingthe
controllerintoafailedstatethatrequiresaphysicalpowercycletoresolve.Incontinuousprocessenvironments,thisleadstoimmediate,
unscheduledproductionshutdown,materialspoilage,andsignificanteconomicimpact.
10OperationalTechnologyThreatReport,October2025
•ABBASPECTAuthenticationBypass(CVE-2025-53187):Acritical
(CVSS9.8)flawinABBASPECTsystemsthatpermitsanunauthenticatedattackertobypasssecurityandgainadministrativecontrol.
OTRiskConnection:ASPECTisabuildingmanagementsystem(BMS)orcontrolmanagementsystem(CMS).Compromisegrantscontrolover
physicalfacilityinfrastructure(HVAC,ventilation,powermanagement).
Thiscontrolcanbeleveragedforsafetyrisk(e.g.,manipulatingair
pressureinacleanroom)ortofacilitatephysicalintrusionbyunlockingaccesscontrols.
KeyTakeaways
•Zero-TrustVendorAccess:Treatallexternalconnections—includingthosefromlong-termintegratorsorOEMs—asuntrusted.Enforcegranular,time-boundcredentialsandsessionmonitoringforallremotemaintenance.
•SoftwareAssuranceandSBOMVisibility:Requirevendorstoprovide
softwarebillsofmaterials(SBOMs),validatedigitalsignatures,andmonitorfortamperedoroutdatedcomponentsinupdates.
•VendorAccountability:Embedcybersecurityclausesintosupplier
contracts,mandatingsecureupdatepractices,vulnerabilitydisclosure,
andimmediatereportingofincidentsthatcouldaffectOTenvironments.
•NetworkSegmentationandContinuousMonitoring:Ensuresupplier-facinggatewaysareisolatedfromproductionnetworks,andmaintainvisibilityoveroutboundtrafficthatcouldsignalunauthorizeddata
exchangeorcommandactivity.
•SharedThreatIntelligence:Participateinsector-specificinformation
sharing(e.g.,ISACs/ISAOs)toquicklyidentifysupplychaincompromisesimpactingindustrialpeersorupstreamproviders.
HISTORICALCASESTUDIES
1)2024–CyberAv3ngersTargetUnitronicsPLCs(WaterandOtherSectors,U.S.)
Betweenlate2023and2024,anIran-linkedgroupknownasCyberAv3ngers
exploitedinternet-exposedUnitronicsPLCsinthewaterandwastewater
sectorandothersmallindustrialenvironments.AttackersdefacedHMIscreenswithpoliticalmessagesandoccasionallymodifiedPLClogic,highlightingtherisksofdefaultcredentialsanddirectinternetexposure.SeveralU.S.utilities
wereaffected,promptingnationwideCISAandWaterISACadvisories.
Lessonslearned:Eliminatedirectinternetaccesstocontroldevices,change
vendor-defaultpasswords,enforcenetworksegmentationandVPNgatewaysformaintenanceaccess,andcontinuouslymonitorforunauthorizedlogicorconfigurationchanges.
11OperationalTechnologyThreatReport,October2025
2)2022–Industroyer2AttemptonEnergyInfrastructure(Ukraine)
InApril2022,Russia’sSandwormTeamdeployedIndustroyer2,asuccessortothe2016grid-attackingmalware,againstUkrainianhigh-voltage
substations.SwiftdefensiveactionbyCERT-UAandESETpreventeda
blackout.Themalware’smodulardesignanduseofnativeOTprotocols
(IEC-104)demonstratedthatstateactorsretainoffensivecapabilitytodirectlymanipulatephysicalprocesses.
Lessonslearned:Energyoperatorsmusthardensubstationnetworkswithstrictallow-lists,secureserialinterfaces,andactiveprotocolinspection.Jointincident-responseexerciseswithOEMsandnationalCSIRTsremainessentialforrapidcontainmentandrestoration.
3)2021–ColonialPipelineRansomwareIncident(U.S.)
InMay2021,theDarkSideransomwareoperationhitColonialPipeline’s
corporateITsystems,promptingapreemptiveshutdownofOToperationstopreventlateralspread.Thefive-dayoutagedisrupted45percentofEastCoastfuelsupplyandtriggeredafederalemergencydeclaration.ThoughtheOT
networkwasnotdirectlyencrypted,interdependenciesbetweenbusinessandoperationsfunctionsmaderecoverycomplex.
Lessonslearned:BuildresilientinterfacesbetweenITandOT,rehearsemanualoperationsandrestartplans,andensureincidentresponsecanisolateIT
systemswithouthaltingsafeplantfunction.
4)2021–OldsmarWaterUtilityIntrusion(Florida,U.S.)
InFebruary2021,anunknownactoraccessedtheOldsmarwatertreatmentplant’sSCADAHMIviaTeamViewerandbrieflychangedchemicaldosagesettingstounsafelevels.Anoperatornoticedandreversedthechange,
preventingharm.Whilenodamageoccurred,theincidentexposedweakremote-accesscontrolscommoninsmallutilities.
Lessonslearned:Limitremote-controlsoftware,requiremultifactorauthentication,logHMIactivity,andconfigureprocessalarmsforout-of-profilesetpoints.
5)2020–NaturalGasCompressionFacilityRansomware(U.S.)
Inearly2020,ransomwaredisruptedaU.S.naturalgascompressionfacility’scontrolandcommunicationassets,causingatwo-dayshutdownandsupplychaindelays.TheattackspreadfromITintoOTduetoinsufficientnetwork
segmentationandsharedcredentials.
Lessonslearned:ImplementrobustIT/OTsegmentation,regularbackups
forengineeringworkstationsandcontrollerconfigs,andcomprehensiveOTincident-responsedrills.
12OperationalTechnologyThreatReport,October2025
Sectorcontextandtakeaways(2020–2025)
Overthepastfiveyears,attacksonoperationaltechnologyhaveevolvedfromaccidentalITspillovertodeliberatetargetingofcriticalinfrastructurebybothcriminalandstate-sponsoredactors.Energyandwatersectorshavebornethebrunt,withthemesofransomware-drivendisruption,remote-accessabuse,
andsupply-chainweaknesses.
TheUkraineandCyberAv3ngerscasesunderscoreatrendtowardhybrid
warfareandgeopoliticalmessagingthroughcyber-physicaleffects.For
defenders,theimperativesareclear:builddefensibleOTar
温馨提示
- 1. 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。图纸软件为CAD,CAXA,PROE,UG,SolidWorks等.压缩文件请下载最新的WinRAR软件解压。
- 2. 本站的文档不包含任何第三方提供的附件图纸等,如果需要附件,请联系上传者。文件的所有权益归上传用户所有。
- 3. 本站RAR压缩包中若带图纸,网页内容里面会有图纸预览,若没有图纸预览就没有图纸。
- 4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
- 5. 人人文库网仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对用户上传分享的文档内容本身不做任何修改或编辑,并不能对任何下载内容负责。
- 6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
- 7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。
最新文档
- 小学三年级数学《口算除法(1)》教学设计
- 花艺布展协议书
- 逻辑门保真度阈值圆设计规范
- 2026行政能力测试题及答案
- 加湿器喷雾颗粒大小设计规范
- 工程咨询企业内训:人力成本核算优化的价值与路径教学设计
- 化学学习过程(努力、方法)评价试题
- 化学兴趣特长(下学期)发展评估试题
- 2026年芜湖市繁昌区中小学公开聘任退休教师30名笔试参考题库及答案详解
- 污水处理公司设备运行绩效考核管理制度
- GB/T 34010-2026建筑物气密性测定方法风扇压力法
- (完整)2026年全国高校辅导员素质能力大赛基础知识试题+参考答案
- 人力国企笔试题及答案
- 2026-2030中国间苯二甲酰氯(ICL)(CAS-99-63-8)行业市场发展趋势与前景展望战略分析研究报告
- 2026年7月自考06049心理学导论押题及答案
- 2026年C1驾照科目一考试试题及详细答案解析
- 汽车维修汽车故障诊断手册
- 2026年防汛抗旱指挥部办公室面试常见问题及答案解析
- 广告发布三级审批制度
- 应急处置安全指导手册
- 2025年葫芦岛市连山区教师招聘考试真题附答案
评论
0/150
提交评论