The Stuxnet worm is widely acknowledged as the first verified cyberattack intended to damage critical infrastructure. Identified in 2010 but deployed as early as 2009, it targeted uranium enrichment systems at Iran’s Natanz Nuclear Facility, resulting in the physical destruction of centrifuges.
Moving ahead to the post-IT/OT convergence surge of the mid- to late-2010s, attacks on operational technology and critical infrastructure have grown considerably more frequent and damaging, fueled by greater connectivity between IT and OT environments that has broadened the attack surface and allowed attackers to penetrate industrial systems via enterprise IT networks.
TXOne Networks, a cybersecurity firm, reported that 96% of OT incidents in 2025 could be linked to IT system compromises. Forescout, meanwhile, discovered that attacks on OT protocols rose by 84% in 2025 compared to the prior year, led by Modbus (57% of attacks) and EtherNet/IP (22%). Dragos documented a nearly 95% surge in ransomware attacks during the same period, along with a 49% rise in the number of ransomware groups targeting industrial organizations.
Industrial and OT systems were targets even before they were connected to the internet, and IT/OT convergence — despite its advantages — is making such systems systematically more reachable, visible and attractive to attackers.
This week’s featured news spotlights the latest OT and critical infrastructure attacks and trends, along with why the government is promoting zero trust as a solution to the problem.
Lotus Wiper: Destructive cyberattack targets Venezuelan energy sector
In December 2025, Venezuela’s energy sector experienced a sophisticated cyberattack involving Lotus Wiper malware, which leveraged living-off-the-land techniques to destroy system data and disrupt operations.
The attack, examined by Kaspersky Lab, utilized batch scripts to orchestrate network infiltration, disable defenses and erase critical files, rendering systems unrecoverable.
Experts observed that this reflects an expanding trend of nation-state actors employing wiper malware as a potent cyber weapon against critical infrastructure, underscoring the importance of network segmentation and immutable backups to mitigate such threats.
Read the full article by Robert Lemos on Dark Reading.
Manufacturing remains most targeted by cyberattacks
The manufacturing sector accounted for one in four cyberattacks in 2025, yet remains insufficiently prepared to tackle cyberthreats, according to cybersecurity insurer Resilience.
Ransomware attacks on manufacturers jumped 61%, compared to 46% across all sectors, driven by low downtime tolerance and constrained security budgets. Between March 2021 and February 2026, ransomware was responsible for 90% of sector losses despite representing only 12% of claims by Resilience clients.
Read the full article by Eric Geller on Cybersecurity Dive.
Critical infrastructure vendor Itron discloses network breach
Itron, a leading supplier of smart meter devices for energy and water utilities, disclosed a cyberattack on its computer networks detected on April 13.
The Liberty Lake, Washington-based company, which serves more than 7,700 utility providers across 100 countries, stated it addressed the unauthorized activity and found no subsequent intrusions or customer data access.
Itron’s devices are extensively deployed in electric, gas and water sectors, and the company collaborates on smart city projects managing energy infrastructure.
According to its Securities and Exchange Commission filing, operations were not disrupted, insurance will cover significant incident costs and the breach is not anticipated to materially affect the company.
Read the full article by Eric Geller on Cybersecurity Dive.
Iran escalates cyber capabilities against U.S. critical infrastructure
Since the U.S.-Iran conflict began in February, Iranian-backed cyberthreat groups have advanced toward more destructive attacks, according to security researchers.
Iran-linked actors are increasingly deploying data-wiping malware, targeting critical infrastructure and exploiting vulnerabilities in programmable logic controllers and Rockwell Automation devices. Notable incidents include a March wiper attack on medical device manufacturer Stryker and threats to Israeli water systems.
CISA cautioned that poorly secured, internet-accessible infrastructure remains vulnerable. Experts recommended eliminating internet-facing devices, enabling MFA and strengthening admin accounts.
Read the full article by David Jones on Cybersecurity Dive.
DC power regulators emerge as hidden cyberattack vector
Direct current power regulators, which stabilize voltage for devices across critical infrastructure, represent a neglected attack surface, Andy Davis, research director at NCC Group, cautioned.
Operating beneath the OS level, these increasingly sophisticated, firmware-driven components can conceal malicious activity outside traditional security monitoring. Attackers exploiting vulnerabilities in programmable regulators could initiate DoS attacks, cause hardware damage or compromise safety-critical systems such as connected vehicles. Davis noted that these incidents could go undetected, passing as random equipment failures.
Experts recommend incorporating power regulation into security architecture, implementing network segmentation, monitoring, cryptographic signing and secure boot mechanisms to defend against this emerging threat as power systems grow more complex.
Read the full article by Arielle Waldman on Dark Reading.
U.S. agencies issue zero-trust guidance for critical infrastructure OT systems
U.S. government agencies, including CISA, the FBI and the Departments of Defense, Energy and State, released guidance Wednesday on implementing zero-trust principles in OT environments.
The document tackles unique OT challenges — legacy systems, availability requirements and physical safety constraints — that complicate traditional security approaches.
Recommendations include establishing governance frameworks, supply chain oversight using software bills of materials, network segmentation, identity management and layered compensating controls where ideal access restrictions aren’t operationally feasible.
The guidance stresses cross-team collaboration among IT, OT and cybersecurity personnel, cautioning that technology alone is insufficient.
Read the full article by Eric Geller on Cybersecurity Dive.
Editor’s note: An editor used AI tools to assist in the creation of this news brief. Our expert editors always review and edit content before publishing.
Sharon Shea is executive editor of TechTarget Security.



