ICS & Iran, Part 2: Revisiting Exposure of Previously Targeted Devices

This Censys ARC analysis compares Internet exposure of four ICS device types (Unitronics, Orpak SiteOmat, Red Lion, Tridium Niagara) between June 2025 and March 2026, finding overall decreases in global exposure but noting that large numbers of critical devices remain publicly accessible. The report highlights claimed opportunistic attacks by Iranian-linked hacktivist/APT groups and references prior malware (IOCONTROL), warns that default/weak credentials and deployment on consumer or cellular ISPs increase risk, and recommends removing ICS interfaces from the public Internet.