Summary (Bottom Line Up Front)
Venezuelan-origin IP address 200.109.232.194 conducted extensive SMB protocol attacks against industrial control systems infrastructure between February 21-23, 2026, generating over 8,000 malicious events. This HIGH-severity threat demonstrates potential reconnaissance or exploitation attempts against operational technology (OT) environments using information technology (IT) protocols. Network defenders should immediately implement enhanced monitoring and access controls for industrial control systems.
Activity Timeline
INITIAL REPORT 2026-03-16T12:27:29Z
Source: Analyst Manual Entry
Venezuelan-origin IP address 200.109.232.194 conducted extensive SMB protocol attacks against industrial control systems infrastructure between February 21-23, 2026, generating over 8,000 malicious events. This HIGH-severity threat demonstrates potential reconnaissance or exploitation attempts against operational technology (OT) environments using information technology (IT) protocols. Network defenders should immediately implement enhanced monitoring and access controls for industrial control systems.
Technical details
The threat actor, operating from the CANTV Servicios network (AS8048) in Venezuela, executed 8,191 attack events over a 60-hour period from 08:00 on February 21 through 20:00 on February 23, 2026. The primary attack vector was SMB protocol negotiation attempts against Modbus-enabled industrial systems, with 7,748 instances of SMB version 1 usage detected. The activity maps to MITRE ATT&CK technique T1190 (Exploit Public-Facing Application) within the reconnaissance phase of the cyber kill chain. The source IP holds the maximum AbuseIPDB reputation score (100/100), indicating established malicious infrastructure. The attack pattern suggests protocol confusion techniques, potentially targeting industrial control system vulnerabilities through legacy SMB implementations.
IOCs
IP: 200.109.232.194
ASN: 8048
COUNTRY: VE
Recommendations
- Block IP address 200.109.232.194 and monitor for additional Venezuelan ASN AS8048 reconnaissance activity
- Implement network segmentation between IT and OT environments to prevent SMB protocol access to industrial control systems
- Disable SMB version 1 on all industrial networks and enforce modern authentication protocols for operational technology assets
- Deploy enhanced logging and monitoring for unusual protocol combinations, particularly IT protocols accessing OT infrastructure
- Conduct immediate security assessment of Modbus-enabled devices for unauthorized access attempts and potential compromise indicators
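The following is an added detection example, not part of the report above and not code from the reporting analyst. It implements the "unusual protocol combination" monitoring recommended here: it classifies the SMB dialect from the first bytes of the client payload (SMBv1 messages start with 0xFF "SMB", SMBv2/3 with 0xFE "SMB", and SMBv1 command byte 0x72 is SMB_COM_NEGOTIATE), learns which hosts speak Modbus (TCP/502) from the same flow data, and raises alerts for the reported source IP and ASN, for SMBv1 entering the OT segment, and for any SMB traffic to a Modbus-speaking host. The OT segment 10.20.0.0/16, the internal ASN value 0, and all flow records are constructed for this example; the only values taken from the report are the IP 200.109.232.194 and AS8048. The sensor is assumed to expose the SMB message bytes after the 4-byte NetBIOS session header.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional

# Values taken from the report
REPORTED_SOURCE_IP = "200.109.232.194"
REPORTED_ASN = 8048

# Assumptions for this example: OT address space and service ports
OT_SEGMENT = ipaddress.ip_network("10.20.0.0/16")
MODBUS_PORT = 502
SMB_PORT = 445

# SMB wire signatures: the message after the NetBIOS session header begins
# with 0xFF "SMB" for SMBv1 and 0xFE "SMB" for SMBv2/3. In SMBv1 the byte
# following the magic is the command; 0x72 is SMB_COM_NEGOTIATE.
SMB1_MAGIC = b"\xffSMB"
SMB2_MAGIC = b"\xfeSMB"
SMB1_COM_NEGOTIATE = 0x72


@dataclass
class Flow:
    ts: str
    src_ip: str
    src_asn: int          # 0 used here for internal (unrouted) sources
    dst_ip: str
    dst_port: int
    payload: bytes        # first client bytes after the NetBIOS session header


@dataclass
class Alert:
    ts: str
    src_ip: str
    dst_ip: str
    reasons: List[str] = field(default_factory=list)


def smb_dialect(payload: bytes) -> Optional[str]:
    """Return 'SMBv1', 'SMBv2+' or None based on the protocol magic."""
    if payload.startswith(SMB1_MAGIC):
        return "SMBv1"
    if payload.startswith(SMB2_MAGIC):
        return "SMBv2+"
    return None


def is_smb1_negotiate(payload: bytes) -> bool:
    """True when the payload is an SMBv1 NEGOTIATE request."""
    return (payload.startswith(SMB1_MAGIC)
            and len(payload) > 4
            and payload[4] == SMB1_COM_NEGOTIATE)


def analyse(flows: List[Flow]) -> List[Alert]:
    # First pass: any host that receives Modbus/TCP is treated as an OT asset,
    # so IT protocols reaching it are the "unusual combination" to surface.
    modbus_hosts = {f.dst_ip for f in flows if f.dst_port == MODBUS_PORT}

    alerts: List[Alert] = []
    for f in flows:
        reasons: List[str] = []
        if f.src_ip == REPORTED_SOURCE_IP:
            reasons.append("blocklisted source")
        elif f.src_asn == REPORTED_ASN:
            reasons.append("source in AS8048")

        dialect = smb_dialect(f.payload) if f.dst_port == SMB_PORT else None
        dst_in_ot = ipaddress.ip_address(f.dst_ip) in OT_SEGMENT

        if dialect == "SMBv1" and dst_in_ot:
            kind = "negotiate" if is_smb1_negotiate(f.payload) else "traffic"
            reasons.append(f"SMBv1 {kind} into OT segment")
        if dialect and f.dst_ip in modbus_hosts:
            reasons.append(f"{dialect} to Modbus-speaking host")

        if reasons:
            alerts.append(Alert(f.ts, f.src_ip, f.dst_ip, reasons))
    return alerts


# Constructed sample flows (not real capture data). The Modbus payload is a
# Read Holding Registers request; the SMB payloads carry only the header bytes.
SAMPLE_FLOWS = [
    Flow("2026-02-21T07:59:40Z", "10.20.0.5", 0, "10.20.1.15", MODBUS_PORT,
         b"\x00\x01\x00\x00\x00\x06\x01\x03\x00\x00\x00\x0a"),
    Flow("2026-02-21T08:00:05Z", REPORTED_SOURCE_IP, REPORTED_ASN, "10.20.1.15",
         SMB_PORT, SMB1_MAGIC + bytes([SMB1_COM_NEGOTIATE]) + b"\x00" * 27),
    Flow("2026-02-21T09:12:00Z", "10.1.5.20", 0, "10.20.1.15", SMB_PORT,
         SMB2_MAGIC + b"\x40\x00" + b"\x00" * 58),
    Flow("2026-02-21T09:13:00Z", "10.1.5.21", 0, "10.1.9.3", SMB_PORT,
         SMB1_MAGIC + bytes([SMB1_COM_NEGOTIATE]) + b"\x00" * 27),
]

if __name__ == "__main__":
    for a in analyse(SAMPLE_FLOWS):
        print(a.ts, a.src_ip, "->", a.dst_ip, "|", "; ".join(a.reasons))
```

Run against the constructed flows, the blocklisted source's SMBv1 negotiate into the Modbus host produces one alert with three reasons, the internal IT host's SMBv2 session to the same Modbus host produces a second alert for the cross-domain protocol use, and the IT-to-IT SMBv1 flow is left to the separate SMBv1-decommissioning control rather than to this OT rule.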