IP address 66.132.153.125 conducted targeted reconnaissance against industrial control systems and IoT infrastructure between March 11-14, 2026, utilizing S7comm and MQTT protocols. The activity represents a MEDIUM threat level with focused targeting of critical infrastructure protocols. Organizati…
A high-severity Modbus TCP reconnaissance attack has been detected from IP 87.236.176.5 (Leeds, GB) targeting industrial control systems between February 21-March 6, 2026. The attacker employed broadcast diagnostics queries to enumerate ICS/OT devices, representing active network reconnaissance wit…
High-severity reconnaissance campaign detected from IP 18.218.118.203 targeting industrial control systems using Modbus broadcast enumeration techniques alongside multi-protocol scanning activities from February 12 to March 10, 2026. The attacker demonstrated advanced capabilities across OT/IT envir…
Romanian-based threat actor 193.46.255.147 conducted a sophisticated multi-protocol reconnaissance campaign targeting industrial control systems, network infrastructure, and IoT devices over a 14-hour period from March 9-10, 2026. The campaign demonstrates advanced capabilities across Modbus, S7com…
Threat actor at 185.247.137.53 conducted targeted reconnaissance against industrial control systems using Siemens S7comm protocol between February 28-March 4, 2026. Assessment indicates HIGH threat level with potential for zero-day exploitation against SCADA infrastructure. Immediate hardening of I…
Malicious activity detected from 172.235.168.35 (NL, AS63949). 2503 events observed across HTTP, Java-RMI, MQTT, Modbus, Oracle/TNS. AI verdict: HIGH.