OT Network Security Threats: Industrial Routers Under Attack

    Date: 12/31/2025

    Severity: Medium

    Summary

    Over 90 days of honeypot monitoring, industrial routers emerged as the most targeted OT assets, accounting for 67% of attacks, mainly through SSH/Telnet brute force and HTTP-based exploitation. New botnets like RondoDox and ShadowV2 dominated malware activity, while the Chaya_005 cluster highlighted sustained exploitation of Sierra Wireless routers, underscoring ongoing risks to OT network perimeter devices.

    Indicators of Compromise (IOC) List


    Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection

    Detection Query 1:

    dstipaddress IN ("89.185.80.110","81.88.18.108","23.177.185.39","51.210.138.92","178.16.55.224","196.251.86.86","103.77.241.50","91.231.222.192","66.167.169.156","172.86.88.88","180.191.255.106","110.39.231.50","45.230.66.110","45.230.66.117","94.154.35.154","103.106.66.206","45.230.66.125","45.230.66.113") or srcipaddress IN ("89.185.80.110","81.88.18.108","23.177.185.39","51.210.138.92","178.16.55.224","196.251.86.86","103.77.241.50","91.231.222.192","66.167.169.156","172.86.88.88","180.191.255.106","110.39.231.50","45.230.66.110","45.230.66.117","94.154.35.154","103.106.66.206","45.230.66.125","45.230.66.113","185.45.195.14","206.206.123.95","23.95.235.22","31.57.243.170","5.181.3.24","79.141.172.211","103.158.171.55","103.168.3.215","115.49.200.151","117.206.100.73","192.21.165.83","217.65.221.197","61.52.3.135","196.251.87.194","213.209.143.37","26.249.145.103","91.231.222.192","64.225.49.218","74.194.191.52")
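    The query above matches on either address field, and its dstipaddress list is deliberately shorter than its srcipaddress list. The following added example (not from the advisory or from Gurucul) parses a query written in that syntax into per-field sets and applies the same logic to constructed key=value firewall log lines, labelling each hit as inbound (a listed source hitting the router, as in the SSH/Telnet brute force the summary describes) or outbound (a device reaching a listed address); the shortened demo query, the src/dst/dport field names, and the sample lines are assumptions.

```python
import ipaddress
import re

# Parses `field IN ("ip", ...)` clauses written in the advisory's query syntax into {field: set}.
IN_CLAUSE_RE = re.compile(r"(\w+)\s+IN\s*\(([^)]*)\)", re.IGNORECASE)
KV_RE = re.compile(r"(\w+)=(\S+)")
# Services the advisory names as the main brute-force/exploitation targets on routers.
WATCHED_PORTS = {22: "ssh", 23: "telnet", 80: "http", 443: "https"}

def parse_query(query):
    sets = {}
    for field, body in IN_CLAUSE_RE.findall(query):
        sets.setdefault(field.lower(), set()).update(
            ipaddress.ip_address(v.strip().strip('"')) for v in body.split(",") if v.strip())
    return sets

def match_iocs(lines, sets):
    """Apply `dstipaddress IN (...) or srcipaddress IN (...)` to key=value log lines.
    Returns (line_no, direction, ioc, service); 'inbound' = listed source hitting the
    router (scanning/brute force), 'outbound' = a device reaching a listed address."""
    hits = []
    for n, line in enumerate(lines, 1):
        f = dict(KV_RE.findall(line))
        try:
            src = ipaddress.ip_address(f.get("src", ""))
            dst = ipaddress.ip_address(f.get("dst", ""))
        except ValueError:
            continue  # malformed or missing address: no match, never an exception
        svc = WATCHED_PORTS.get(int(f["dport"]) if f.get("dport", "").isdigit() else 0, "other")
        if src in sets.get("srcipaddress", ()):
            hits.append((n, "inbound", str(src), svc))
        if dst in sets.get("dstipaddress", ()):
            hits.append((n, "outbound", str(dst), svc))
    return hits

# Shortened form of the page's query (four of its addresses, same src/dst membership), for the demo.
QUERY = ('dstipaddress IN ("89.185.80.110","45.230.66.110","103.106.66.206") or '
         'srcipaddress IN ("89.185.80.110","45.230.66.110","103.106.66.206","185.45.195.14")')
# Constructed log lines (not real telemetry): two inbound brute-force attempts, one outbound
# hit, one outbound non-hit (185.45.195.14 is src-only in the query), one malformed line.
SAMPLE_LOG = [
    "ts=2025-12-31T01:02:03Z src=45.230.66.110 dst=10.10.5.1 dport=22 action=deny",
    "ts=2025-12-31T01:02:04Z src=103.106.66.206 dst=10.10.5.1 dport=23 action=deny",
    "ts=2025-12-31T01:05:10Z src=10.10.5.1 dst=89.185.80.110 dport=80 action=allow",
    "ts=2025-12-31T01:06:00Z src=10.10.5.1 dst=185.45.195.14 dport=443 action=allow",
    "ts=2025-12-31T01:07:00Z src=garbage dst=10.10.5.1 dport=22 action=deny",
]
if __name__ == "__main__":
    for hit in match_iocs(SAMPLE_LOG, parse_query(QUERY)):
        print("line %d: %s match on %s (%s)" % hit)
```

    To use it against the full advisory query, pass the complete query text from the page to parse_query in place of the shortened QUERY.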

    Reference:

    https://www.forescout.com/blog/ot-network-security-threats-industrial-routers-under-attack/


    Tags

    Malware, RondoDox, ShadowV2, Exploit
