Analyzing CPS Attack Trends

In this report, Team82 shares its research evaluating 200-plus attacks carried out by more than 20 opportunistic threat-actor groups against CPS in numerous industries. A high concentration of these attacks impact manufacturing, water and wastewater, and power-generation—sectors that represent enormous capital for a hacktivist entity intent on disrupting resources and sowing chaos in society.

Interested in learning about Claroty's Cybersecurity Solutions?

Request a Demo

Key Findings

Hacktivists Favor Weak Protocols

Hacktivists sympathetic to adversarial nation-states hurdle low barriers to entry to access and compromise CPS, primarily leveraging insecure protocols such as VNC, and targeting HMIs and SCADA systems.

Download Report

CPS Attacks Align Geopolitically

Hacktivists also attack exposed CPS in countries or regions aligned with their political or social goals. Of the 200-plus attacks, most incidents were aligned to Russia- and Iran-affiliated threat actors, targeting mostly EU countries, and Israel and the U.S. respectively.

Industries in the Crosshairs

Manufacturing, water and wastewater, and power generation are the most targeted sectors we observed. These three account for more than 45% of the attacks we observed in the 20 sectors where we recorded and verified incidents involving CPS assets.

Download Report

Claroty Wins Best in KLAS for Healthcare IoT Security - Five Years in a Row

Claroty xDome Drives Business Value and Enhanced Exposure Management at Ohio State University Wexner Medical Center

Provincial Health Services Authority and Fraser Health Authority Boost Cybersecurity Processes and Compliance with Claroty xDome

Phlow Leverages Claroty Technologies for Unparalleled Cyber-Physical System Protection

Life, uninterrupted.

Claroty Named a Leader in 2026 Gartner® Magic Quadrant™ for CPS Protection Platforms