Blog Anatomy of a Hacktivist Attack: Russian-Aligned Group Targets OT/ICS

Oct. 10, 2025, 5:05 p.m.

Description

Forescout honeypot caught hacktivist activity targeting a decoy water treatment plant in Sept. 2025. A Russian-aligned group, TwoNet, claimed responsibility for the attack. The group logged into the human-machine interface (HMI) for: defacement, process disruption, manipulation, and evasion.

External References

https://www.forescout.com/blog/anatomy-of-a-hacktivist-attack-russian-aligned-group-targets-otics/
https://otx.alienvault.com/pulse/68e93aa69b891f05e0cc0c7a
Tags
exploit
ransomware
russian
raas
hacktivist
defacement
2025-10-10
twonet
human-machine interface
overflame
modbus
megamedusa

Date

  • Created: Oct. 10, 2025, 4:56 p.m.
  • Published: Oct. 10, 2025, 4:56 p.m.
  • Modified: Oct. 10, 2025, 5:05 p.m.

Indicators

  • 87.150.146.207
  • 80.210.133.38
  • 77.91.122.234
  • 5.106.148.199
  • 45.157.234.199
  • 2.181.103.232
  • 95.90.199.75
  • 45.14.247.87
  • 92.43.161.74
  • 212.83.190.55
Download all indicators here!

Attack Patterns

  • megaMedusa
  • TwoNet

Additional Informations

  • Energy