
Escalating Digital Threats: Secure AI in OT, Targeted Backdoor Campaigns, and a Pharmaceutical Research Sector Data Breach

  • Writer: Yisda Technical Team
  • Dec 16, 2025
  • 3 min read

As threat actors deploy new stealthy backdoors and AI enters critical infrastructure, are your defenses evolving fast enough to match the new threat landscape?


Image: Industrial control panel showing AI integration in operational technology

This week’s newsletter highlights the expanding risks faced by organizations across the industrial, government and research sectors. CISA released new guidance on safely integrating artificial intelligence into operational technology (OT) environments, reflecting the growing adoption of machine learning and automation in critical infrastructure. Researchers also reported a new backdoor being deployed by an Iran-linked threat actor in targeted campaigns across Turkey, Israel and Azerbaijan. Meanwhile, pharmaceutical research company Inotiv confirmed that an August cyberattack exposed data belonging to thousands of individuals. Together these events show a threat landscape that grows more complex as organizations modernize their environments and adversaries refine their techniques.


CISA and International Partners Publish Framework for Secure AI in Industrial Systems

CISA and the Australian Cyber Security Centre (ACSC), alongside other federal and international partners, have released guidance on securely integrating artificial intelligence into operational technology environments. It is aimed at critical infrastructure owners and operators and weighs the risks and benefits of using machine learning, large language models, and AI-based agents in OT systems. The guidance lays out key principles: understanding the risks that AI introduces, assessing each OT use case on its merits, establishing governance, embedding safety and security from the start, and integrating AI into incident response planning. A practical point for operators is that AI components should be treated like any other new dependency in the control network, with a defined owner, a bounded set of permissions, and a tested fallback if the model's output is wrong or unavailable. The document encourages organizations to adopt these practices so they can take advantage of AI while better managing safety, security, and reliability concerns in industrial and critical infrastructure settings. Access the full article here.


Iran-Linked Threat Actor Deploys New Backdoor in Turkey, Israel, and Azerbaijan


An Iran-linked threat actor known as MuddyWater has been observed using a new backdoor called UDPGangster in targeted campaigns against users in Turkey, Israel and Azerbaijan. The operation relies on targeted phishing emails carrying malicious Word documents; the payload is dropped onto the system once the recipient enables macros. The backdoor establishes persistent access, checks the host for sandbox and virtual machine environments, and carries a range of other anti-analysis checks. It then uses UDP-based channels for command-and-control, data exfiltration, and delivery of additional tooling. The choice of UDP matters for defenders: egress controls and proxies that only inspect TCP or HTTP traffic will not see this channel, so outbound UDP to unexpected external destinations deserves the same monitoring as web traffic. The campaign highlights how regional threat actors continue to refine social engineering and anti-analysis techniques to quietly maintain access in sensitive networks. Access the full article here.
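Because UDP command-and-control tends to be a fixed-interval check-in to one external endpoint, a simple periodicity heuristic over flow logs is a useful first detection. The following script is an added example written for this newsletter, not code from the original article or from the researchers who reported UDPGangster. The flow records are constructed, and the interval, port and packet sizes are assumptions for illustration; the article does not publish the backdoor's real network indicators, so this shows the general beaconing check rather than a signature for this specific malware.

```python
"""Flag periodic UDP traffic from one internal host to one external endpoint.

Added example for the newsletter, not code from the article or the cited
research. The flow lines below are constructed; the port, interval and
sizes are assumptions. The heuristic is generic: many UDP flows from the
same source to the same external destination at a near-constant interval.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network
from statistics import mean, pstdev

# Constructed Zeek-style flow records, reduced to: ts src dst dport proto bytes.
# 10.0.0.15 -> 203.0.113.9:53 every ~60 s with small jitter is the beacon.
# The other lines are normal internal DNS, NTP and a TCP session (noise).
SAMPLE_FLOWS = """\
1734340000.01 10.0.0.15 203.0.113.9 53 udp 84
1734340060.12 10.0.0.15 203.0.113.9 53 udp 84
1734340120.09 10.0.0.15 203.0.113.9 53 udp 84
1734340179.98 10.0.0.15 203.0.113.9 53 udp 84
1734340240.05 10.0.0.15 203.0.113.9 53 udp 84
1734340300.11 10.0.0.15 203.0.113.9 53 udp 84
1734340003.00 10.0.0.15 10.0.0.2 53 udp 71
1734340017.44 10.0.0.15 10.0.0.2 53 udp 63
1734340290.10 10.0.0.15 10.0.0.2 53 udp 70
1734340008.00 10.0.0.22 198.51.100.4 123 udp 76
1734340700.00 10.0.0.22 198.51.100.4 123 udp 76
1734340011.00 10.0.0.22 192.0.2.77 443 tcp 5120
"""

# Assumed internal address space (RFC 1918). Flows to these are not egress.
INTERNAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_internal(addr):
    ip = ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def parse_flows(text):
    """Parse whitespace-separated flow lines into dicts; skips blanks and comments."""
    flows = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, src, dst, dport, proto, nbytes = line.split()
        flows.append({"ts": float(ts), "src": src, "dst": dst,
                      "dport": int(dport), "proto": proto, "bytes": int(nbytes)})
    return flows


def find_udp_beacons(flows, min_flows=5, max_jitter_cv=0.15):
    """Return (src, dst, dport) groups whose UDP egress timing is suspiciously regular.

    Regularity is measured as the coefficient of variation (stdev / mean) of the
    gaps between consecutive flows. Real beacons usually add jitter, so the
    threshold is a tuning knob, not a fixed rule.
    """
    groups = defaultdict(list)
    for f in flows:
        if f["proto"] != "udp" or is_internal(f["dst"]):
            continue
        groups[(f["src"], f["dst"], f["dport"])].append(f["ts"])

    alerts = []
    for (src, dst, dport), stamps in groups.items():
        if len(stamps) < min_flows:
            continue  # too few observations to call it periodic
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        cv = pstdev(gaps) / avg if avg > 0 else float("inf")
        if cv <= max_jitter_cv:
            alerts.append({"src": src, "dst": dst, "dport": dport,
                           "flows": len(stamps), "interval_s": round(avg, 1),
                           "jitter_cv": round(cv, 3)})
    return alerts


if __name__ == "__main__":
    for a in find_udp_beacons(parse_flows(SAMPLE_FLOWS)):
        print(f"possible UDP beacon: {a['src']} -> {a['dst']}:{a['dport']} "
              f"every {a['interval_s']}s over {a['flows']} flows (cv={a['jitter_cv']})")
```

On the constructed input only the 10.0.0.15 to 203.0.113.9:53 group is flagged: the internal DNS traffic is excluded as non-egress, the NTP pair has too few flows, and the TCP session is ignored. In production this would run over a sliding window of Zeek or NetFlow records, and the threshold on jitter should be tuned against the organization's own baseline of legitimate periodic UDP (NTP, monitoring agents, VoIP keepalives) before alerting on it.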


Image: Malware analysis on a computer screen highlighting backdoor activity

Pharmaceutical Research Company Inotiv Reports August Cyberattack and Data Theft


Inotiv, a pharmaceutical research company, has confirmed that an August cyberattack exposed data belonging to thousands of people connected to the firm. The Qilin ransomware group has claimed responsibility for the attack. Affected people include employees, family members of employees, and other contacts. In a recent SEC filing, Inotiv reported that the attackers had access to its systems between August 5 and August 8, forcing the company to take networks offline for remediation before restoring availability. The company is still assessing whether the incident will have a material financial impact, but it has reported to regulators that roughly 9,500 individuals were affected. Inotiv is now sending the required breach notifications while continuing to evaluate the full scope of the compromise.

Access the full article here.


Image: Server racks storing sensitive pharmaceutical research data

Yisda Takeaways


This week’s newsletter reinforces the rate at which cybersecurity risks are growing across all sectors. The new AI guidance from CISA and its partners marks an important shift toward modernizing operational technology environments, where safety and reliability are critical and a misbehaving model can have physical consequences. MuddyWater’s deployment of a new backdoor across Turkey, Israel and Azerbaijan shows how threat actors continue to improve their phishing, evasion and persistence techniques, and how far they will go to tailor social engineering to specific targets; it is also a reminder that macro-enabled documents from external senders and outbound UDP to unfamiliar destinations both deserve controls and monitoring. Meanwhile, Inotiv’s confirmation of a cyberattack and resulting data exfiltration highlights the ongoing impact of intrusions against research and healthcare-adjacent sectors. These developments demonstrate the need for stronger visibility across operational and IT networks, careful evaluation of third-party and emerging technology risks, and a continued focus on reducing attack surface across the organization.
