Chapters
01 Cold Open: No Zero-Day Needed
02 Sponsor: Blue Cortex AI
03 The PLC Campaign: Architecture Failure, Not a Patch Gap
04 The 72-Hour Playbook: What You Can Actually Do Right Now
05 The Attribution Error: Two Irans, Not One
06 The Insurance Gap: Lloyd's Y5433 and Who Pays
07 TeamPCP and the Wormable Supply Chain
08 Supply Chain Response: What to Rotate, What to Check
09 Mythos: When AI Finds the Exploit Before You Patch
10 Chrome WebML and Orthanc: The Week's Other Critical Vulns
11 The Real Threat Model: What Defenders Are Missing
12 Synthesis and Closing: What You Do Before Tomorrow
01 Cold Open: No Zero-Day Needed [00:00]
Halil: Nearly four thousand US industrial controllers. Internet-exposed. Right now. And the Iranians didn't need a single exploit to get in — they just used the manual.
Halil: Welcome to CyberDaily Threatcast. I'm Halil Öztürkci. Let's get into it.
Halil: Today's episode has four major threads. First: the Iranian IRGC-CEC PLC campaign — active incident, not a future risk. Second: a critical correction to the briefing — the Stryker attack and the PLC campaign are NOT the same operation. Third: dual supply chain attacks with a combined fourteen-to-twenty-one billion dollar blast radius. And fourth: Anthropic's Mythos AI model, which just changed the math on how fast exploits get weaponized.
Halil: Sara Kovacs is on ICS. Alex Mercer on the technical chain. Lena Hartmann on attribution. Elena Rossi on geopolitics. James Okafor with the response playbook. Arjun Patel on the AI angle. Pierre Lefevre running the numbers. And Sofia Andersen on what you're legally on the hook for.
Halil: Let's start where it hurts most.
02 Sponsor: Blue Cortex AI [01:22]
Halil: This episode is brought to you by Blue Cortex AI and Tarhy — their autonomous SOC platform. Here's what Tarhy does: it pulls alerts from your EDR stack — Defender, CrowdStrike, Cortex XDR, SentinelOne — and its AI agents triage every single one, around the clock. Not just pattern matching. Multi-step reasoning, cross-event correlation, MITRE ATT&CK mapping, and a confidence-scored verdict — all in about three minutes. And here's the thing that matters: their Neural Timeline shows you exactly how the AI reached each decision. No black box. The results speak for themselves — sixty to seventy percent fewer false positives, eighty percent faster time to verdict. If your SOC is drowning in five thousand alerts a day, Tarhy can save twenty-five hundred analyst hours a month. Check them out at bluecortex.ai.
03 The PLC Campaign: Architecture Failure, Not a Patch Gap [02:27]
Halil: Sara — CISA joint advisory AA26-097A, three thousand eight hundred ninety-one exposed Rockwell PLCs. Walk us through what we're actually looking at here.
Sara: So, the brutal truth? EtherNet/IP was never designed for the internet. It was designed for trusted Level 1 shop floor networks. And sixty-six percent of these exposed devices are sitting on cellular modems with public IPs.
Alex: And here's the thing — there's no exploitation happening. They're literally logging in as engineers. Port 44818, Studio 5000 software, legitimate credentials. It's like finding spare keys taped under the mat.
Sara: Right. The underlying weakness is CVE-2021-22681 — CVSS ten-point-zero, an authentication bypass disclosed in 2021. But here's what most people miss: there is no patch. Rockwell's only mitigations are compensating controls.
Halil: No patch. For a CVSS ten. Disclosed five years ago.
Sara: The vulnerability is in the fundamental authentication architecture. You can't patch your way out of a design flaw. This is an architecture failure — not a patching gap.
Alex: And the attack chain is elegant in its simplicity. CIP session over port 44818, extract the .ACD project file — that's the PLC program — do your reconnaissance, then deploy Dropbear SSH for persistence on port 2222.
Sara: And then you can manipulate ladder logic, falsify sensor readings, disable safety interlocks. Forget data theft. We're talking potential kinetic effects. If this escalates to safety instrumented systems, we have a TRITON-level scenario.
Halil: Hmm. How fast can they move from initial access to destructive action?
Alex: Honestly — hours. Initial access is minutes. Reconnaissance and project extraction, two to six hours. Once they decide to pull the trigger, they could corrupt logic across every accessible PLC in a single coordinated push.
Sara: And at a water pumping station, that means crews driving to remote sites with hand tools. At scale — that's a public health emergency.
Halil: This is active incident response territory. James — what's the seventy-two hour playbook?
04 The 72-Hour Playbook: What You Can Actually Do Right Now [05:05]
James: Yeah, so — let me be concrete. Hours zero to twelve: containment. Physical key switches to RUN mode on every exposed PLC. That single action blocks remote programming via CVE-2021-22681. Do it now.
Sara: I know sites where operators keep those switches in Remote Program mode for convenience. That ends today.
James: Exactly. Simultaneously — inventory your cellular modem deployments. Those sixty-six percent on public IPs are your highest risk. Pull .ACD file backups offline for integrity verification.
Halil: And hours twelve to twenty-four?
James: Visibility. Deploy CIP Security where firmware supports it — that's Logix Designer version twenty-one plus, ControlLogix 5580 version thirty-one plus. IP allowlisting: only authorized engineering station IPs talk to the PLC. Block TCP ports 44818, 2222, 102, 22, and 502 at your network edge.
Sara: Can I jump in here? The 'disconnect from the internet' advice is easy to say and operationally impossible for many sites. Utilities need that cellular link for two AM alarms. If you can't cut the connection, put it behind a firewall with IP allowlisting to your SCADA master only.
James: Right. And hours twenty-four to seventy-two: validation. FactoryTalk AssetCentre change detection audit. Forensic imaging of any engineering workstation that showed Studio 5000 sessions from unauthorized sources.
Halil: Sara, James asked about detection — network-based versus host-based. What works in the real world?
Sara: Network-based, full stop. Traditional EDR on OT engineering stations is friction-heavy. Real-time constraints, change management — it's a mess.
James: Agreed. My Suricata focus: SSH traffic on port 2222 from engineering workstations that aren't authorized jump hosts, combined with CIP traffic on port 44818 from the CISA IOC IP ranges. Behavioral tells — .ACD uploads outside maintenance windows, PLC mode changes from Run to Program at two AM on a weekend.
Sara: Normal operations don't extract project files at two in the morning. If you see CIP service code 0x4C — that's Set_Attribute_All — from an unexpected source, treat it as an incident.
Halil: Good. Now — I need to address something. The briefing framed this as the 'same threat ecosystem' as the Stryker attack. Lena, that's wrong, isn't it?
05 The Attribution Error: Two Irans, Not One [08:16]
Lena: It's not just imprecise — it's a material analytical error. The Stryker attack was Handala. That's an MOIS-affiliated group — also tracked as Void Manticore, Red Sandstorm. They used Microsoft Intune to wipe devices. IT environment. The FBI's own release tied indicators specifically to MOIS threat actors.
Halil: And the PLC campaign?
Lena: CyberAv3ngers. That's IRGC-CEC — the Cyber Electronic Command. Completely different intelligence service. Different mandate, different leadership, different tradecraft. MOIS does espionage and influence. IRGC-CEC does disruptive OT attacks and ideological messaging.
Dr.: And this split runs deep in Iranian doctrine. They've historically operated independently — sometimes in competition with each other.
Lena: Exactly. The 'same ecosystem' framing suggests operational unity that doesn't exist. Both operations emerged from the same geopolitical trigger — US-Israeli strikes on Iranian nuclear facilities — but separate entities, separate command structures.
Alex: And the Stryker attack wasn't even a traditional wiper. Attackers abused Microsoft Intune's native wipe functionality using compromised domain admin credentials. Living off the land at enterprise scale — no viral payload, just legitimate EMM commands weaponized.
Halil: So why does this distinction matter practically? For defenders in the room.
Lena: Because your defensive prioritization changes completely. If you think it's one unified operation, you might over-invest in IT wiper defenses when your actual exposure is OT network segmentation. Or vice versa.
Dr.: And for policymakers — confusing MOIS and IRGC-CEC is like confusing the CIA and the Pentagon. They report to different principals and respond to different incentives.
Halil: Elena — geopolitically, what is Iran actually trying to accomplish here? This isn't random.
Elena: So — this is calibrated coercive bargaining. We're inside a compressed diplomatic window. US-Iran nuclear negotiations restarted in 2025. The JCPOA snapback mechanism expires this October. Iran is simultaneously at the table and lighting fires outside.
Elena: They hit water, wastewater, energy, municipal facilities — high visibility, public safety consequences, but contained economic damage. Just under the threshold where US domestic pressure forces a kinetic response. Just above the threshold where American negotiators feel pressure. Textbook gray zone signaling.
Halil: And the six-agency advisory — FBI, CISA, NSA, EPA, DOE, and USCYBERCOM — that's unusual.
Elena: Very unusual. USCYBERCOM inclusion signals this isn't just information sharing. That's operational planning. And here's my provocation: what if the advisory itself is the operation? Releasing attribution and technical indicators publicly signals — we've mapped your infrastructure. We know where you are. And we haven't struck yet. That's its own form of coercive diplomacy.
06 The Insurance Gap: Lloyd's Y5433 and Who Pays [11:43]
Halil: Pierre — I want the board-level number. If CyberAv3ngers pulls the trigger on these PLCs, what's the bill?
Pierre: So, ten percent hit rate — that's three hundred eighty-nine plants. Energy sector, six to eight week outages at fifteen to thirty million per facility. Water and wastewater, lower revenue impact but massive remediation costs. Oil and gas, twenty-five to fifty million per site.
Pierre: Best case: two-point-one billion. Worst case — twenty-five percent hit rate, coordination with kinetic escalation — eleven-point-seven billion. And remember, energy touches everything. Colonial Pipeline was one pipeline for six days and triggered presidential emergency declarations.
Halil: And the insurance picture?
Pierre: This is where I have to give the board the bad news in plain language. Lloyd's Bulletin Y5433 now requires state-backed cyberattack exclusions in all standalone cyber policies. If this gets attributed to IRGC by the US government — and it will — Type 2 and 3 exclusions likely apply. Coverage void.
Dr.: The Merck and Mondelez precedents are useless now. Those were property and all-risk policies with vague war language. Today's cyber forms have specific state-sponsored exclusions.
Pierre: Right. My market view: seventy to eighty-five percent of energy sector policies will face coverage disputes on this event. Carriers argue 'state-backed.' Policyholders argue 'criminal affiliate with loose ties.' It will go to litigation.
Halil: So what do organizations do right now?
Pierre: Review your policy today. Find the war exclusion clause. Call your broker and get specific on how 'state operation' is defined and who determines attribution. And budget for self-insured retention — because on a state-linked ICS event, you may be paying out of pocket.
Dr.: And on the reporting side — water utilities have mandatory incident reporting under the Safe Drinking Water Act Section 1433 to CISA, EPA's Water Infrastructure Cyber Resilience Division, and WaterISAC. Electric utilities report under NERC CIP-008. CIRCIA — the federal overlay covering all sixteen critical infrastructure sectors — its final rule is expected in May 2026. Until then, voluntary reporting to CISA is strongly encouraged.
Halil: Good. Let's pivot. Supply chain.
07 TeamPCP and the Wormable Supply Chain [14:44]
Halil: Arjun — you called the TeamPCP Trivy compromise 'structurally different.' What did you mean?
Arjun: So — TeamPCP didn't just poison binaries. They compromised Trivy's GitHub Actions runners. Seventy-five of seventy-six tags in trivy-action. They harvested secrets from runner memory, then used those credentials to pivot into Checkmarx KICS, LiteLLM, Telnyx, and the Telnyx Python SDK — all within a week.
Halil: Trivy — that's the open-source security scanner that sits inside CI/CD pipelines.
Arjun: Exactly. And that's what makes this so alarming. They weaponized the security scanner itself as a lateral movement engine. Supply chain as a wormable propagation graph. The security tool becomes the attack vector.
James: And they came back after partial remediation. Re-compromised Trivy twice. That's operational patience. That's not opportunistic — that's strategic.
Lena: I want to be clear on attribution here. Some early reporting linked TeamPCP to the Axios backdoor. That's wrong. The Axios compromise is UNC1069 — that's Google's tracking designation for a North Korean cyber unit. High confidence DPRK.
Halil: Wait — so we have two completely separate supply chain attacks running simultaneously?
Lena: Independent campaigns. Coincidental timing. UNC1069 on Axios — DPRK state-sponsored, cryptocurrency theft objectives. TeamPCP — financially motivated cybercrime, AI-assisted tooling, English-speaking operators. SOCRadar describes them as loosely affiliated young adults, not state operators.
Arjun: And the LiteLLM .pth persistence I flagged earlier — that was the downstream effect of Trivy-compromised CI/CD secrets. The malware harvested cloud credentials via Trivy scans, then used those to push malicious LiteLLM packages. The ICP blockchain C2 they're calling CanisterWorm is genuinely novel.
Halil: Pierre — combined blast radius.
Pierre: Five hundred thousand-plus stolen credentials. One thousand organizations with confirmed compromise so far. IBM's 2024 data puts compromised credential attacks at four-point-eight-one million per breach. But here's the supply chain cascade — using the MOVEit model, we apply a two-point-one-times multiplier for downstream customer impact.
Pierre: Base case: fourteen-point-two billion. Worst case: twenty-one-point-four billion. And those one thousand confirmed victims are just wave one.
08 Supply Chain Response: What to Rotate, What to Check [17:49]
Halil: James — if an organization uses Trivy, KICS, LiteLLM, Telnyx, or Axios — what do they do right now?
James: Audit your CI/CD pipeline dependencies going back to late February 2026. That's your exposure window. Then rotate everything — SSH keys, cloud credentials, Kubernetes configs, API tokens — anything that traversed those environments.
Dr.: And check for persistence. TeamPCP uses systemd services, Kubernetes cluster backdoors, and .pth files in Python environments. These aren't obvious. Behavioral detection matters more than IOC matching here.
James: The European Commission AWS breach via Trivy confirms they're hitting high-value international targets. This isn't spray-and-pray. If you're a significant organization using these tools, assume you were targeted.
Halil: Lena — the Drift Protocol hack. That was UNC4736, separate from UNC1069?
Lena: Different DPRK bureau entirely. UNC4736 — that's Mandiant's tracking name for a separate North Korean cyber unit — ran a six-month social engineering campaign on Drift. In-person meetings, VS Code repo access, TestFlight app. Two hundred eighty-five million dollars stolen. UNC1069 was a three-hour supply chain window in March. Different timelines, different TTPs, shared strategic objective: cryptocurrency.
Halil: Two separate North Korean units, same week. That's bureau-level coordination.
Lena: Or — and I want to be careful here — parallel operational tempos responding to the same funding directive. Google Threat Intelligence noted Stardust Chollima has maintained increased operational tempo since Q4 2025. I'm not ready to call it coordination without evidence of shared infrastructure.
Dr.: The distinction matters for attribution policy. Coordination implies unified command. Parallel operations might just mean Pyongyang told multiple bureaus to hit crypto targets this quarter. Very different diplomatic response calculus.
09 Mythos: When AI Finds the Exploit Before You Patch [20:14]
Halil: Arjun — Anthropic's Mythos model. Seventy-two-point-four percent exploit success rate on Firefox vulnerabilities. Versus Claude Opus 4.6 at fourteen-point-four percent. What's actually happening here?
Arjun: So — this isn't incremental improvement. This is a capability threshold. The FFmpeg example tells the whole story: that bug survived five million fuzzing runs because the vulnerable code path was activated millions of times without proper triggering conditions. Mythos reasoned about the semantic conditions required to reach the vulnerable state. Not pattern matching — actual multi-step reasoning about bug mechanics.
Alex: And they found a twenty-seven-year-old OpenBSD TCP bug. Survived decades of human review. That's not a fuzzer. That's something fundamentally different.
Arjun: Right. And the defensive implication isn't panic. It's a math problem. Only one percent of Mythos-discovered vulnerabilities get patched nine days after announcement. So the bottleneck has shifted. It's not discovery anymore. It's patch deployment velocity.
Halil: Meaning attackers could have AI-discovered vulns weaponized before defenders even know the bug exists.
Alex: That's the scenario. And Anthropic is restricting release, coordinating through Glasswing — that's the right call. But open-weight models catch up in six to twelve months. The compute requirements matter now. They won't matter for long.
James: Which means your vulnerability management program needs to update its assumptions. The disclosure-to-weaponization window just compressed from weeks to days. Your patch deployment velocity — not your detection capability — is now the binding constraint.
Arjun: Exactly. And I want to push back on the breathless coverage. This doesn't immediately proliferate. But update your threat models now — before the open-weight equivalents drop.
10 Chrome WebML and Orthanc: The Week's Other Critical Vulns [22:24]
Halil: Alex — Chrome 147 WebML. CVE-2026-5858 and CVE-2026-5859. How fast does this get weaponized?
Alex: Seven to fourteen days. My math: patch diff analysis is two to three days for a skilled researcher. Heap layout grooming in WebML — tensor allocation patterns are predictable — another three to five days. Sandbox escape adds time if needed.
Halil: Why is WebML specifically a fresh attack surface?
Alex: WebML — that's machine learning inference running natively in the browser via the Web Neural Network API — it's still stabilizing. V8, WebRTC — those have been pounded by researchers for years. WebML sits outside the core JS engine. Massive tensor allocations, complex shape calculations, heap overflow combined with integer overflow. The WebGPU precedent, CVE-2026-5281, was actively exploited in the wild. These GPU and ML-adjacent browser surfaces are hot targets.
James: Enterprise-wide forced Chrome 147 update. Before the PoC drops. Configure automatic updates, block older versions at the proxy level. This one is urgent.
Halil: And Orthanc — CVE-2026-5442. Healthcare DICOM server. Alex, walk us through the weaponization.
Alex: Heap buffer overflow via malformed DICOM image dimensions. Standard DICOM uses VR US — Unsigned Short — max sixty-five thousand pixels. If the decoder accepts VR UL — Unsigned Long — you can specify four billion, causing integer overflow on the allocation. The allocation wraps small, the copy proceeds big. Classic heap overflow.
Alex: The attack vector is the HTTP DICOM upload endpoint — often internet-facing in research environments. From there, Orthanc connects to PACS servers, radiology information systems, domain-joined Windows servers. Ransomware groups love this. Thirty to sixty day weaponization window, but healthcare patching cycles run months.
Dr.: And the legal exposure is significant. Running Orthanc version 1.12.10 or earlier after the patch is available — that's version 1.12.11 — creates real HIPAA risk. The Security Rule requires protection against reasonably anticipated threats. OCR's enforcement pattern shows increased scrutiny of unpatched systems specifically.
Halil: Sofia — how bad is the HIPAA liability if an organization gets hit and hadn't patched?
Sofia: Breach notification within sixty days. If five hundred-plus individuals are affected, report to OCR immediately and to media in the impacted state. But the deeper issue — running unpatched after v1.12.11 was available, without documented compensating controls, is prima facie evidence of inadequate safeguards. Settlements in comparable cases range from two hundred twenty-five thousand to six-point-eight-five million dollars. Document your compensating controls if you cannot patch immediately. That documentation is your legal defense.
11 The Real Threat Model: What Defenders Are Missing [26:03]
Halil: I want to pull back for a moment. We have Iranian state actors in US infrastructure, North Korean units hitting supply chains and crypto, AI-accelerated exploit discovery, and an insurance market that's essentially telling critical infrastructure — you're on your own. What's the throughline?
Lena: The throughline is that defenders are still thinking about these as separate incidents requiring separate responses. They're not. They're simultaneous pressure across multiple attack surfaces during a period of American geopolitical overstretch.
Dr.: And both adversaries — Iran and North Korea — are responding to US-related stressors, just different ones. Iran is coercive bargaining in a nuclear negotiation window. DPRK is sustaining revenue for a weapons program under sanctions. Different motivations, but both are exploiting the same defensive gaps.
Alex: And here's what bothers me most. The PLC campaign requires zero exploitation sophistication. Standard tooling. The 'sophistication' is in the targeting and reconnaissance — not the attack. Any technically competent team can replicate this.
Sara: Which is why this isn't a cybersecurity problem. It's an architecture problem. Those sixty-six percent of PLCs on public IPs — that decision was made by plant managers who needed remote visibility and didn't have budget for proper segmentation. You can't patch your way out of that.
Pierre: And the insurance market has systematically excluded these scenarios. Lloyd's Y5433 means state-attributed ICS events are essentially uninsurable. The risk is sitting on corporate and municipal balance sheets right now, and most boards don't know it.
Dr.: And Mythos tells us the discovery side of the equation is accelerating. If your patch deployment velocity can't keep pace with AI-discovered vulnerability disclosure rates — and right now it can't, one percent patched after nine days — you're structurally behind.
James: Look, I don't disagree with any of this. But I'll say what I always say: there is no ideal world. Give me the next forty-eight hours. Physical key switches. Chrome update. Secret rotation. Orthanc patch. Those four actions address the most urgent exposure right now, with whatever resources you have.
Halil: James, as always, has the last word on actionability. Let's close it out.
12 Synthesis and Closing: What You Do Before Tomorrow [28:43]
Halil: Here's what today's panel established. Four big takeaways.
Halil: One: The Iranian PLC campaign is an active incident. Three thousand eight hundred ninety-one internet-exposed Rockwell controllers, no zero-day required, and an authentication bypass that cannot be patched. If you operate critical infrastructure, physical key switches go to RUN mode before you go home today. Block ports 44818, 2222, 102, 22, and 502 at your network edge. Extract .ACD backups to offline write-protected media.
Halil: Two: The Stryker attack and the PLC campaign are separate operations by competing Iranian intelligence services. MOIS ran Stryker. IRGC-CEC is running the PLC campaign. Do not conflate them — it will break your defensive prioritization.
Halil: Three: If your CI/CD pipeline touched Trivy, KICS, LiteLLM, Telnyx, or Axios since late February — rotate all secrets now. SSH keys, cloud credentials, Kubernetes configs, API tokens. Check for TeamPCP persistence: systemd services, Kubernetes cluster backdoors, .pth files in Python environments. The blast radius on the combined supply chain attacks is fourteen to twenty-one billion dollars and expanding.
Halil: Four: Anthropic's Mythos model achieved seventy-two-point-four percent exploit success rate — including a twenty-seven-year-old bug that survived decades of human review. The disclosure-to-weaponization window has compressed from weeks to days. Update your vulnerability management program's assumptions accordingly.
Halil: Also this week: force Chrome 147 across your endpoints before the WebML PoC drops — seven to fourteen day window. Patch Orthanc to version 1.12.11. Healthcare organizations — document your compensating controls if you can't patch immediately. That documentation is your HIPAA defense.
Halil: And energy, water, and municipal infrastructure operators — review your cyber policies for Lloyd's Y5433 war exclusion clauses today. On state-attributed ICS events, seventy to eighty-five percent of policies will face coverage disputes. Budget for self-insured retention.
Halil: What we're watching tomorrow: CIRCIA final rule publication expected in May — reporting obligations are about to get real for all sixteen critical infrastructure sectors. And we're tracking whether USCYBERCOM's inclusion in today's advisory presages a persistent engagement response against Iranian cyber infrastructure.
Halil: That's it for today's CyberDaily Threatcast. Stay safe. See you tomorrow. Thanks to Blue Cortex AI for sponsoring today's episode. Autonomous SOC, real reasoning, no black box. bluecortex.ai.
Episode aired Sun 12 Apr: 3,891 PLCs, No Zero-Day Required