"absent from the advisory. 1. threat context the authoring agencies assess that a group of iranian - affiliated apt actors — linked to the irgc cyber electronic command ( cec ) and previously tracked as cyberav3ngers ( shahid kaveh group, storm - 0784, bauxite, unc5691 ) — has bee…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1190Exploit Public-Facing Application
52%
"iranian - affiliated apt targeting of rockwell / allen - bradley plcs download the full brief → introduction on april 7, 2026, the fbi, cisa, nsa, epa, doe, and u. s. cyber command jointly disclosed ongoing exploitation of internet - facing rockwell automation / allen - bradley p…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1190Exploit Public-Facing Application
52%
"2080 - ) entry. the advisory specifically names compactlogix and micro850 as confirmed targeted families. the heavy micrologix 1400 presence — many running end - of - sale firmware c / 21. 02 and c / 21. 07 — is a compounding risk : limited ongoing security support, and firmware …"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1021.001Remote Desktop Protocol
51%
"##n and cellular modem management interfaces. [ medium ] audit micrologix 1400 deployments on firmware c / 21. 02 and c / 21. 07. end - of - sale devices with limited patch support and unauthenticated firmware version exposure should be prioritized for replacement or network isol…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1588.006Vulnerabilities
42%
"absent from the advisory. 1. threat context the authoring agencies assess that a group of iranian - affiliated apt actors — linked to the irgc cyber electronic command ( cec ) and previously tracked as cyberav3ngers ( shahid kaveh group, storm - 0784, bauxite, unc5691 ) — has bee…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1588.006Vulnerabilities
39%
"iranian - affiliated apt targeting of rockwell / allen - bradley plcs download the full brief → introduction on april 7, 2026, the fbi, cisa, nsa, epa, doe, and u. s. cyber command jointly disclosed ongoing exploitation of internet - facing rockwell automation / allen - bradley p…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
Summary
Download the full brief → Introduction On April 7, 2026, the FBI, CISA, NSA, EPA, DOE, and U.S. Cyber Command jointly disclosed ongoing exploitation of internet-facing Rockwell Automation/Allen-Bradley programmable logic controllers (PLCs) by Iranian-affiliated APT actors. Censys data identifies 5,219 internet-exposed hosts globally responding to EtherNet/IP (EIP) and self-identifying as Rockwell Automation/Allen-Bradley devices — the […]