Alert

Mitigating Attacks Against Uninterruptable Power Supply Devices

Last Revised

CISA and the Department of Energy (DOE) are aware of threat actors gaining access to a variety of internet-connected uninterruptable power supply (UPS) devices, often through unchanged default usernames and passwords. Organizations can mitigate attacks against their UPS devices, which provide emergency power in a variety of applications when normal power sources are lost, by removing management interfaces from the internet.

Organizations can mitigate attacks against UPS devices by immediately removing management interfaces from the internet. Review CISA and DOE’s guidance on mitigating attacks against UPS devices for additional mitigations and information.

This product is provided subject to this Notification and this Privacy & Use policy.