Hacktivists Launch Attacks on ICS Systems to Exfiltrate Sensitive Information

Hacktivists’ attacks on Industrial Control Systems (ICS) are becoming more intense in a noticeable evolution of ideologically motivated cyber operations. They have progressed from simple Distributed Denial of Service (DDoS) attacks and website vandalism to more complex intrusions targeted at data exfiltration and disruption of operations.

According to Cyble’s Q2 2025 threat landscape assessment Report, ICS-targeted attacks, combined with data breaches and access-based compromises, now constitute 31% of hacktivist activities, a rise from 29% in the previous quarter.

This uptick underscores a growing technical proficiency among threat actors, who are leveraging vulnerabilities in Operational Technology (OT) environments to tamper with Supervisory Control and Data Acquisition (SCADA) systems and Human-Machine Interfaces (HMIs), often resulting in the extraction of sensitive telemetry data, configuration files, and proprietary industrial protocols.

Such operations not only threaten national resilience but also amplify psychological warfare through publicized evidence of compromises, such as screen recordings of real-time ...