Noteworthy Cyberattacks that Shook Manufacturing in 2025

The Internet of Things (IoT) continues to reshape manufacturing as part of the broader Industry 4.0 evolution. By embedding connected devices across industrial settings, manufacturers are optimizing everything from worker safety and inventory management to predictive maintenance and quality control.
While these examples often fall under the broader IoT umbrella, a more specific category, known as the Industrial Internet of Things (IIoT), refers to connected devices that directly interact with production processes. These include robots on automotive assembly lines, sensors monitoring grain quality, and smart conveyor systems. Together, IoT and IIoT technologies are driving the emergence of smart factories, enabling real-time visibility, operational efficiency, and data-driven decision-making.
This transformation is largely positive. Manufacturers rely on IoT devices for everything from security and monitoring to automation and predictive maintenance. As a result, manufacturing averages 47 IoT devices per thousand square feet of factory space.
However, the rise in connectivity also introduces new cyber threats.
Manufacturers’ Adoption of IoT Creates a Security Risk
There are clear benefits to using IoT in manufacturing. Inventory management via RFID tags and UPC codes requires manual effort to track and input data; IoT inventory tagging can automatically update a computer when the item is moved. Sensors in industrial equipment can help track when maintenance is required throughout a distributed factory floor. IoT devices like cameras can monitor for safety issues and notify the necessary parties automatically.
Despite these benefits, however, there remain significant security risks. As one of the 16 sectors defined as critical infrastructure, manufacturing environments are frequent targets of cyber threats, and IoT and IIoT devices can easily be overlooked as attack vectors.
Many of these devices lack built-in security features, transmit unencrypted data, and are easy for threat actors to discover and exploit if exposed to the public internet. Once compromised, IoT endpoints can be used to move laterally across networks, increasing the likelihood of a data breach or production outage. Moreover, unencrypted traffic from IoT devices means attackers can exfiltrate sensitive data with minimal effort or resistance.
A weak or nonexistent security and incident response strategy compounds the risk. Without proper visibility into IoT traffic and device behavior, organizations may not detect malicious activity until long after exfiltration has occurred. For manufacturers embracing digital transformation, protecting IoT ecosystems must be a central part of the security program, not an afterthought.
What Are Some Examples of Cyberattacks Targeting Manufacturers?
According to IBM X-Force’s 2025 Threat Intelligence Index, manufacturing is the #1-targeted industry for cyberattacks globally for the fourth consecutive year, accounting for 26% of all documented incidents within critical sectors, even surpassing finance and insurance.
Manufacturing companies experienced 54.5% of attacks in 2023, according to Zscaler research, with an average of 6,000 attacks against them per week. Because manufacturing companies tend to have tens or hundreds of thousands of OT, IIoT, and IoT devices in their networks, they carry weaknesses that firms in other sectors do not.
Manufacturing companies are also some of the most critical to a country’s economy. Interrupting the operations of the right manufacturing company can cause failures throughout certain market sectors.
A few of the most recent attacks include:
- On May 14, 2025, Nucor, North America’s largest steel producer, detected unauthorized third-party access to its IT systems and, as a precautionary measure, halted production at multiple sites. The company promptly activated its incident response plan, took affected systems offline, engaged cybersecurity experts, and notified federal law enforcement.
- On April 27, 2025, medical device manufacturer Masimo discovered unauthorized activity on its on-premise network. The company immediately responded by isolating affected systems and bringing in third-party cybersecurity experts. The disruption forced several of its manufacturing facilities to operate below normal capacity, delaying the processing, fulfillment, and shipping of customer orders, though its cloud systems remained unaffected. While no threat actor groups claimed responsibility, the nature of the disruption, combined with the company’s announcement, led to speculation that it may have been a ransomware attack.
- Ingersoll Rand, a maker of compressors, experienced a ransomware attack in March 2023, in which malicious actors leaked an estimated 3% of stolen data.
- Johnson Controls International experienced a ransomware attack that also impacted two of its subsidiaries and encrypted the company’s VMware ESXi machines. Malicious actors stole more than 27 terabytes of data in the attack, potentially also including Department of Homeland Security floor plans and security information.
- Fortive Corp, which makes test and measurement tools and asset management software, reported a $5 million one-time expense on its earnings report related to the remediation and operational impact of a ransomware attack from BlackBasta.
- Mueller Water Products, Inc. reported a cyberattack in October 2023 that affected its IT and OT systems alike and wasn’t fully contained until the end of November. Mueller is one of the largest manufacturers and distributors of fire hydrants, gate valves, and other water infrastructure products in North America. They delayed filing a 10-K with the SEC and didn’t resume normal operations until mid-December.
Strengthening IoT Security in Critical Manufacturing Environments
Manufacturers can expect to face a growing number of cyber threats in the years ahead. According to the Cybersecurity and Infrastructure Security Agency (CISA), targeted attacks on manufacturing could disrupt not only the nation’s industrial output but also essential services across interconnected infrastructure systems.
While connected machinery has launched a new level of innovation and efficiency in manufacturing, the convergence of traditional IT, IoT, and IIoT devices introduces complexities that threat actors are increasingly eager to exploit, especially as more systems become internet-facing. To reduce the risk of unauthorized system access, manufacturing organizations must take a proactive approach to securing their environments.
Finding an IoT security platform that empowers you with automated asset discovery to uncover shadow IoT is especially important. IoT devices are often deployed with minimal input from IT teams. As a best practice, organizations should layer an IoT security platform alongside proven cybersecurity best practices:
- Incident response planning: Develop and routinely test an incident response plan tailored to your unique environment.
- Device visibility and monitoring: Step one of any manufacturing cybersecurity program is a comprehensive inventory of all network-connected assets, including industrial IoT (IIoT), OT, and legacy devices. An IoT security platform should automatically identify all devices and maintain an up-to-date inventory with details such as device type, manufacturer, and firmware version.
- Monitor for anomalous traffic or behavior: Manufacturing systems typically follow predictable communication patterns. Similar to having a device inventory, having a snapshot of an IoT device’s ‘known good configuration’ allows for streamlined recovery in the event of configuration changes or cyberattacks.
- Network segmentation: Segmenting IT and OT networks is essential. If a threat actor gains access to one part of the system, segmentation can prevent them from moving laterally across production lines or into enterprise systems, reducing the blast radius of potential attacks.
- Access controls: Limit access to sensitive industrial systems to authorized personnel only. Strengthen identity protections by enforcing multi-factor authentication (MFA), rotating credentials, and regularly reviewing user permissions, especially for remote or third-party users.
- Vulnerability management: Manufacturing environments often rely on equipment that wasn’t designed for patching and updates. An ideal OT solution uses industry standards to identify, analyze, and rank critical vulnerabilities and provides targeted recommendations for vulnerability management by surfacing the simplest actions to reduce risk.
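To make the monitoring and segmentation items above concrete, here is an added example (not from the original article and not Asimily's code) that learns each device's predictable peers from a baseline window and flags observed flows that leave that pattern or cross the IT/OT boundary. The zone subnets, the conduit allowlist, the flow tuple format, and all addresses are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumed zones for this example; anything outside them counts as external.
ZONES = {"ot": ipaddress.ip_network("10.20.0.0/16"),
         "it": ipaddress.ip_network("10.10.0.0/16")}
# Assumed policy: the only cross-zone flows (src, dst, port) that are permitted.
ALLOWED_CONDUITS = {("10.10.4.8", "10.20.0.5", 8883)}

def zone_of(ip):
    addr = ipaddress.ip_address(ip)
    return next((z for z, net in ZONES.items() if addr in net), "external")

def build_baseline(flows):  # known-good peers per device: {src: {(dst, port)}}
    baseline = defaultdict(set)
    for src, dst, port in flows:
        baseline[src].add((dst, port))
    return baseline

def check_flow(baseline, flow):
    src, dst, port = flow
    findings = []
    if src not in baseline:
        findings.append("unknown-device")      # not inventoried: possible shadow IoT
    elif (dst, port) not in baseline[src]:
        findings.append("new-destination")     # deviates from the known-good pattern
    if zone_of(src) != zone_of(dst) and flow not in ALLOWED_CONDUITS:
        findings.append("segmentation-violation")
    return findings

def triage(baseline_flows, observed):
    baseline = build_baseline(baseline_flows)
    results = {flow: check_flow(baseline, flow) for flow in observed}
    return {flow: f for flow, f in results.items() if f}

# Constructed sample data (not real traffic).
BASELINE_FLOWS = [
    ("10.20.1.15", "10.20.0.5", 1883),   # water sensor -> MQTT broker (OT)
    ("10.20.1.30", "10.20.0.9", 502),    # conveyor PLC -> Modbus gateway (OT)
    ("10.10.4.8", "10.20.0.5", 8883),    # IT historian -> OT broker (conduit)
]
OBSERVED = [
    ("10.20.1.15", "10.20.0.5", 1883),     # expected, produces no finding
    ("10.20.1.15", "203.0.113.77", 443),   # water sensor -> external host
    ("10.20.1.30", "10.10.4.8", 445),      # PLC -> IT host
    ("10.20.1.99", "10.20.0.5", 1883),     # device absent from the baseline
]

print(triage(BASELINE_FLOWS, OBSERVED))
```

An empty findings list means the flow matches the baseline and the segmentation policy, so only the three deviating flows are returned for review.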
How Asimily Helps Defend Manufacturing Companies
Asimily’s platform is designed to streamline IoT security. As manufacturers adopt more smart technologies and IoT devices, locking down traffic and being able to determine traffic sources or any unusual connections can be very powerful. If cybersecurity teams notice that a water sensor is transmitting data somewhere it shouldn’t be, for example, that’s vital information to track a potential breach.
Manufacturers can use Asimily’s risk simulation to assess options for mitigating the risk from a given vulnerability on a device. Simulating a fix before doing it can help you determine criticality and whether the weakness is even of interest to attackers before doing the work. That’s critical information when you’re deciding how to improve your security posture. For instance, you may find that certain devices or access controls are inadequate.
Asimily provides holistic context into an organization’s IoT environment when calculating impact- and likelihood-based risk scoring for devices. Our vulnerability scoring considers the compensating controls so you can more appropriately prioritize remediation activities for the riskiest devices.
Asimily customers efficiently identify high-risk vulnerabilities with our proprietary, patented algorithm that regularly cross-references vast amounts of data from resources like EPSS (Exploit Prediction Scoring System), Software Bills of Material (SBOMs), Common Vulnerability and Exposure (CVE) lists, the MITRE ATT&CK Framework, and NIST Guidelines. It understands your unique environment, so our deep contextual recommendation engine can provide real-time, actionable remediation steps to reduce risk and save time.
Asimily customers are 10x more efficient because the engine can pinpoint and prioritize the top 2% of problem devices that are High-Risk (High Likelihood of exploitation and High Impact if compromised). Unlike many offerings that don’t take into account the effort needed to handle identified issues, Asimily’s recommendations are as easy to execute as possible, from shutting down an unnecessary service to network enforcement solutions.
To learn more about Asimily, download our IoT Device Security in 2024: The High Cost of Doing Nothing whitepaper or contact us today.