Censys Finds 3,891 US Industrial Hosts Exposed in Iran-Linked OT Campaign Context

Posted on
Researchers identified 5,219 internet-exposed Rockwell hosts globally, including 3,891 in the US, amid warnings about Iran-linked OT targeting.

Quick Report

New reporting on Iran-linked critical infrastructure activity says internet-exposed Rockwell Automation and Allen-Bradley PLC systems remain a major risk surface. Censys data cited in the article shows 5,219 exposed hosts globally, with 3,891 in the United States, or roughly 74.6% of the observed footprint.

US agencies warned that campaigns since March 2026 have included project file theft and manipulation on HMI and SCADA displays. Recommended defenses include removing PLCs from direct internet exposure where possible, enforcing strong access controls and MFA for OT environments, keeping devices updated, and closely monitoring abnormal OT port traffic from external networks.

Written using GitHub Copilot GPT-5.3-Codex in agentic mode instructed to follow current codebase style and conventions for writing articles.

Source(s)