Cyber Threat Actors Ramp Up Attacks On Industrial Environments

Both cybercriminals and hacktivists have increased cyber-attacks against industrial technology environments, with vulnerability exploits in these systems almost doubling in 2025, according to Cyble.

This according the Cyble Research & Intelligence Labs’ (CRIL) Annual Threat Landscape Report 2025, published on January 15, 2026.

One of the key takeaways from the 87-page report was the growing interest of various cyber threat actors in industrial control systems (ICS) and operational technology (OT) environments.

The researchers reported 2451 ICS vulnerabilities disclosures made across 152 vendors in 2025, almost double the 2024 numbers which saw 1690 such vulnerabilities across 103 vendors.

This increase was fuelled by an August activity spike, with 802 ICS vulnerabilities disclosed that month alone. The third quarter of 2025 accounted for 45.26% of the year’s disclosures of ICS vulnerabilities.

Siemens was the vendor with the products most affected by ICS vulnerabilities, with 1175 reported. This far surpassed Schneider electric, which ranked second with 163 ICS flaws reported over the past year.

However, the French automated systems provider faced a higher percentage of high and critical vulnerabilities – approximately 70% compared with less than 40% for Siemens.

This rise of reported ICS vulnerabilities is partly due to a growth in exploits by cyber threat actors, who increasingly scour for security gaps in human-to-machine interfaces (HMIs) and supervisory control and data acquisition (SCADA) systems.

Cyble data showed that two of the most ICS system-reliant industries, manufacturing and healthcare, were the sectors most targeted by ransomware attacks in 2025. The researchers observed 600 manufacturing and 477 healthcare entities affected over the period covered by the report.

Hacktivist groups also heavily targeted ICT-reliant organizations, such as energy and utilities and transportation, in 2025.

Source: InfoSecurity Magazine