They've found a cheap PLC they can exploit. Buy a decent PLC and you have a fair shot against something like this.
I was a PLC monkey (still am) when Stuxnet was new. Shortly afterward I watched one of my Clients, an automation manufacturer with a fairly decent market share, migrate their critical products to signed firmware. Controllers, Ethernet bridges, and industrial switches to start with, but it continues--there are signed firmware options for more and more of the available products.
You buy the products from an authorized reseller with unsigned firmware (if it's available) and if you want signed, you can flash it yourself.
After that, there's no going back--from that point forward you can only flash signed firmware from the mfr.
You can still put bad things in the user code, but such is the nature of user programs. Those can be signed, fingerprinted, and locked too.
Of course none of that is "proof against" attackers, but a real PLC should certainly not be as vulnerable as an embedded controller from a terminal block manufacturer.
These Wago units run about 500 bucks. You can get cheaper units with built-in I/O from new places like plcdirect, or used from radwell.
Heck, if you've got some patience you can get a "PLC" from aliexpress for less than fifty bucks. Won't have Ethernet, though.
If I delivered a project to a Client built around any of that stuff, they would *not* pay me; they'd sue me.
It's going to cost you around $2K (depending on your multiplier, of course...) to get a modern micro PLC with included I/O from a real automation company--trust ain't cheap.