Mitigating Attacks Against Uninterruptable Power Supply Devices

Home / Articles / External / Government

Source: Energystar.gov
Source: Energystar.gov

March 30, 2022 | Originally published by CISA on March 29, 2022

CISA and the U.S. Department of Energy (DOE) are aware of threat actors gaining access to a variety of internet-connected uninterruptable power supply (UPS) devices, often through unchanged default usernames and passwords. Organizations can mitigate attacks against their UPS devices, which provide emergency power in a variety of applications when normal power sources are lost, by removing management interfaces from the internet.

Organizations can mitigate attacks against UPS devices by immediately removing management interfaces from the internet. Review CISA and DOE’s guidance on mitigating attacks against UPS devices for additional mitigations and information.

Focus Areas