Attacks on industrial sector double
BI.ZONE Threat Intelligence reports a surge in cyberattacks targeting the industrial sector. Throughout 2025, they hovered around 5–6%, but in the first six months of 2026 jumped to 11%, with attacker motivations shifting dramatically. While nearly half of all attacks (47%) were previously driven by espionage, an equal proportion is now motivated by direct financial gain.
In May and June 2026, industrial companies faced a wave of attacks from the financially driven cluster Clubfoot Wolf. The adversary predominantly targeted smaller organizations within the chemical industry. Rather than concentrating on a few large, potentially well‑defended targets, the group opted for a high-volume approach, exploiting the weaker infrastructure security typical of smaller businesses.
This growing interest in the Russian industrial sector is also evidenced in the sale of specialized attack tools. In June, Wrecking Hyena offered an updated attack framework in their Telegram channel for $500. The framework covers the entire attack life cycle—from scanning and reconnaissance to data exfiltration and storage. The tool also helps analyze vulnerabilities in targeted systems, exploit industrial protocols, carry out DDoS attacks, and compromise remote access points. Interestingly, the threat actor initially positioned itself as a hacktivist group, claiming to act solely on ideological grounds rather than for profit.
Stay ahead of all threats with the BI.ZONE Threat Intelligence portal, which provides up‑to‑date information on tactics, techniques, procedures, and tools used in cyberattacks. Discover the latest, most comprehensive threat data relevant to your specific industry and region.