Summary: Threat intelligence indicates a targeted ransomware campaign against automated port terminals in the GCC and Asia. The malware, “RustBucket,” specifically targets the PLCs (Programmable Logic Controllers) of autonomous cranes, locking them in a “Safety Stop” mode that requires a physical key to override.
Business Impact: Supply Chain Paralysis. For logistics hubs in Bahrain, this is a physical denial-of-service attack. If cranes are locked, cargo cannot move, leading to millions in demurrage charges per day.
Why It Happened: Attackers gained entry via a compromised third-party maintenance VPN used by the crane manufacturer for remote diagnostics, moving laterally into the OT network.
Recommended Executive Action (Immediate): Temporarily disable remote maintenance VPNs for all OT equipment this weekend. Verify that your “Manual Override” keys are physically accounted for and accessible to on-site engineers.
Hashtags: #OTSecurity #SupplyChain #Logistics #Ransomware #Bahrain #CriticalInfrastructure
