Why are the target companies not named in this instance, I wonder ? Most companies in the industrial security business gleefully name both victims and culprits.
It sounds like the hackers are pursuing a vendor agnostic approach by searching for the ubiquitous "OPC" server registry strings that get inserted by everyones' SCADA products.
>...that get inserted by everyones' SCADA products.
PeakHMI only registers as an OPC server if the user takes steps to register/unregister the program as an OPC server. I thought this was the "norm". You had to check a box, run a batch file, etc..
I also wonder, since what I read did not say, if the installer was "signed". Interesting.