- Comparitech Stack Report
- Posts
- Thousands of Industrial Controllers Exposed as State-Linked Attacks Rise
Thousands of Industrial Controllers Exposed as State-Linked Attacks Rise
Taylor Hawes
April 13, 2026
Risk-aware identity governance: Prioritize what truly matters
Continuously monitor identity-based risks and spot deviations that could lead to exposure. ADManager Plus automatically starts access reviews, remediations, and maintains a clean, auditable identity posture without manual overhead.
🔎 Cyber Watch 🔎
Thousands of Industrial Controllers Exposed as State-Linked Attacks Rise
A new report shows more than 5,200 internet-connected industrial controllers from Rockwell Automation are exposed, with U.S. infrastructure carrying most of the risk. Government agencies warn that Iranian-linked groups are actively targeting these systems, often using legitimate engineering tools rather than exploits to gain access and manipulate operations.
Key takeaway
Over 5,200 PLC devices are exposed online, many tied to critical infrastructure.
Attackers use trusted software tools to blend in and avoid detection.
Sectors such as energy, water, and government services are primary targets.
Internet exposure, not zero-day flaws, remains the biggest weakness
🎙️ Tech Briefing On‑Air 🎙️
The Becerra Case and the Future of Healthcare Tracking
The Becerra case is shaping how healthcare providers handle tracking technologies under HIPAA. The legal challenge questions federal guidance on using tools such as cookies and analytics scripts, with courts signaling limits on how broadly regulators can interpret privacy rules.
Takeaways
The case challenges how HIPAA applies to tracking technologies.
Hospitals may face stricter scrutiny when using third-party tracking tools.
The ruling could affect ongoing class action lawsuits tied to data privacy.
Healthcare organizations must review how user data is collected and shared.
Audience Survey
We’re running a short 5-question survey to better understand who reads Comparitech.
Your answers help us shape our editorial coverage and we’ll share an aggregate snapshot of the results back to the community later this quarter. No personal data collected.
We are also running a raffle for anyone that fills it out to be entered to win a $100 Amazon voucher.
🤝 Partner Intel 🤝
ManageEngine AD Solutions
ManageEngine AD Solutions focus on identity and access management across Active Directory environments. These tools help IT teams manage user provisioning, enforce security policies, and monitor access activity from a single console.
Key Features
Centralized control over Active Directory users and permissions
Automation for user provisioning and deprovisioning
Built-in auditing and compliance reporting
Useful for reducing identity-related security gap
🤖 AI Runtime 🤖
IMF Flags Global Financial System Not Ready for AI Cyber Risks
The International Monetary Fund has warned that the global financial system is not prepared for AI-driven cyber threats. Leadership highlighted that rapid advances in AI models could expose weaknesses in banking systems, prompting emergency discussions among regulators and financial institutions. It also pointed to the weak coordination between financial and security bodies adds risk. To address this, regulators and banks are already holding urgent coordination meetings.
📊 By the Numbers 📊
🗳️ Your Monday Take 🗳️
Cast your vote on our weekly poll.
If an attacker gains access using legitimate tools (no malware, no exploit), would your current security stack detect it? |
📩 We’ll share the results in the Friday issue.
|
Until Wednesday’s edition - Let’s keep that zero-day count at zero!