Dragos researchers linked a wave of intrusions at US water utilities to a Chinese state-aligned group known as VoltTyphoon-2.
Attackers scanned for exposed human-machine interfaces running default credentials on Allen-Bradley controllers.
Operators are urged to air-gap control networks and rotate passwords immediately.
