Legal · Last updated 2026-05-26
Terms & Disclaimers
This page documents the trademarks, third-party references, and source basis used across the Cyberange marketing site — in particular the historic-incident references on the Phygital Range page.
1. Trademarks & third-party marks
Product names, logos, brands, and other trademarks referenced on this site — including but not limited to Siemens, Schneider Electric, Triconex, TriStation, Honeywell, Yokogawa, TeamViewer, and any other vendor names that appear in scenario copy — are the property of their respective owners.
Such marks are referenced under the doctrine of nominative fair use solely for the purpose of accurately describing publicly documented cybersecurity incidents and the technical systems involved. No affiliation with, sponsorship by, or endorsement from any named third party is implied or claimed.
Cyberange is not a licensee or authorised reseller of any of the named third-party products. The use of any third-party mark in this material does not establish or imply any partnership, joint venture, or commercial relationship between Cyberange and that party.
2. Historic incident references
The Phygital Range page references a number of historic cybersecurity incidents affecting industrial control systems and critical infrastructure. These references describe events and actors that have been publicly disclosed in government advisories, indictments, court filings, and major threat-intelligence publications.
Where a specific affected organisation could be identified from public reporting, Cyberange has elected to anonymise the organisation in user-facing copy (e.g., references to "a global shipping line" rather than the specific company), while retaining the original public sources in the citation list below for review.
Threat-actor attributions cited on this site reflect determinations published by government authorities (CISA, FBI, NCSC, US Treasury OFAC, US DOJ, UK NCSC and equivalents) and by major commercial threat-intelligence vendors. Such attributions are reproduced as published; Cyberange makes no independent determination of attribution.
3. Source basis
Every factual claim about a historic incident on this site is traceable to one or more of the following public sources. Citations are grouped by scenario as referenced on the Phygital Range page.
Ukraine 2015 — Power Grid · Power · 2015
- · E-ISAC / SANS ICS (2016) — Analysis of the Cyber Attack on the Ukrainian Power Grid
- · CISA / ICS-CERT (2016) — IR-ALERT-H-16-056-01 — Cyber-Attack Against Ukrainian Critical Infrastructure
- · US DOJ (2020) — Indictment, US v. Andrienko et al. (GRU Unit 74455 / Sandworm)
Stuxnet 2010 — Natanz Centrifuges · Nuclear · 2010
- · Symantec (2011) — W32.Stuxnet Dossier (Version 1.4)
- · CISA / ICS-CERT (2010) — ICSA-10-272-01 — Siemens SIMATIC WinCC and PCS 7 Vulnerability
- · New York Times (2012) — Obama Order Sped Up Wave of Cyberattacks Against Iran (Sanger)
- · IAEA (2011) — Iran nuclear facility incident reports / Natanz centrifuge replacement data
Triton 2017 — Petrochemical SIS · Petrochemical · 2017
- · FireEye / Mandiant (2017) — Attackers Deploy New ICS Attack Framework TRITON
- · Dragos (2017) — TRISIS Malware: Analysis of Safety System Targeted Malware
- · CISA (2017) — MAR-17-352-01 — HatMan: Safety System Targeted Malware
- · US Treasury OFAC (2020) — Treasury Sanctions Russian Government Research Institution Connected to the Triton Malware
2021 — US Fuel Pipeline Ransomware · Pipeline · 2021
- · CISA / FBI (2021) — AA21-131A — DarkSide Ransomware: Best Practices for Preventing Business Disruption
- · Mandiant (2021) — Shining a Light on DarkSide Ransomware Operations
- · TSA / DHS (2021) — Security Directive Pipeline-2021-01
- · US DOJ (2021) — Justice Department Seizes $2.3M in Cryptocurrency Paid to DarkSide
- · US House Committee on Homeland Security (2021) — Hearing testimony of Joseph Blount (CEO statements re: ransom + outage scope)
Oldsmar 2021 — Water Treatment · Water · 2021
- · CISA / FBI / EPA / MS-ISAC (2021) — AA21-042A — Compromise of U.S. Water Treatment Facility
- · Pinellas County Sheriff (press conference + statement) (2021) — Treatment Plant Intrusion — Oldsmar FL, public statements
- · Krebs on Security (2021) — Florida Water Treatment Hack: Time for a Pre-Mortem
- · WIRED (2023) — Subsequent FBI doubt on the Oldsmar intrusion — re-reporting
NotPetya 2017 — Global Logistics · Logistics · 2017
- · UK NCSC / White House (joint attribution) (2018) — UK and US attribution of NotPetya to Russian military (GRU)
- · US DOJ (2020) — Indictment, US v. Andrienko et al. (GRU Unit 74455 / Sandworm)
- · WIRED (2018) — The Untold Story of NotPetya, the Most Devastating Cyberattack in History (Greenberg)
- · Cisco Talos (2017) — New Ransomware Variant "Nyetya" Compromises Systems Worldwide
- · A.P. Møller-Maersk (2017) — Annual Report 2017 — cyberattack financial impact disclosure
4. No endorsement or affiliation
Nothing on this site should be read as a claim that any vendor, organisation, or government body named in the historic-incident references has endorsed, sponsored, certified, partnered with, or otherwise authorised Cyberange's products, services, or marketing. Where a relationship exists, it is described explicitly on the relevant page.
5. Lab-only use of attack content
All attack-replay content described on this site is intended to run in isolated laboratory environments for the purposes of defensive training, research, exercise design, and product development. Information on this site is not, and is not intended to be, operational tooling, an attack playbook, or a guide to replicating any described incident against systems the reader does not own or operate with documented authorisation. Misuse of cybersecurity information may violate Indian, US, UK, EU, and other applicable laws.
6. Information accuracy & limitation of liability
Information on this site is provided on an "as-is" basis for general informational purposes. While Cyberange makes reasonable efforts to verify factual claims about historic incidents against the public sources cited above, descriptions are necessarily summaries and may omit, simplify, or be superseded by later reporting.
To the maximum extent permitted by applicable law, Cyberange and its affiliates disclaim all warranties, express or implied, including warranties of accuracy, fitness for a particular purpose, and non-infringement, and shall not be liable for any direct, indirect, incidental, consequential, or special damages arising from the use of, or reliance on, information presented on this site.
Corrections and source-quality concerns may be reported to [email protected] .
7. Governing law & jurisdiction
These disclaimers are governed by the laws of India. Any dispute arising out of or in connection with the content of this site shall be subject to the exclusive jurisdiction of the competent courts in Noida, Uttar Pradesh, India, without prejudice to any mandatory consumer-protection rights applicable in the user's country of residence.
This page does not constitute legal advice. Cyberange recommends that any organisation referencing or relying on this material consult qualified counsel in its own jurisdiction.