Hacktivists exploit outdated flaw for defacement attacks.

CISA added a 2021 ScadaBR vulnerability to its Known Exploited Vulnerabilities catalog, requiring agencies to patch by December 19. The flaw, a cross-site scripting bug, was recently used by pro-Russia group TwoNet to deface a fake industrial control system honeypot. Attackers altered the login page to display a pop-up message but showed limited technical skill. While the incident caused no real damage, it underscores ongoing hacktivist interest in targeting ICS/OT systems with easy-to-use exploits.

Read more:

https://www.securityweek.com/cisa-warns-of-scadabr-vulnerability-after-hacktivist-ics-attack/