Tag: iran
-
Hackers Are Targeting Critical Infrastructure to Cause Real-World Damage
Critical infrastructure was once considered too complex and isolated to be a primary cyber target. That assumption no longer holds. New reporting from Cyber Security News reveals that the Iran-linked CyberAv3ngers group is actively targeting water utilities, energy systems, and industrial controllers across the United States. What started as symbolic attacks has now evolved into…
-
GEOINT in the Iran War: Targeting, Intelligence, and the Battle for Information Access
First seen on resecurity.com Jump to article: www.resecurity.com/blog/article/geoint-in-the-iran-war-targeting-intelligence-and-the-battle-for-information-access
-
The Iranian Conflict Leads to the Latest Attack on OT Production – ARIA Cybersecurity
CISA and the FBI warned that Iranian-backed cyber attackers are targeting Rockwell LOGIX® PLC deployments in Government, Energy and Water/Wastewater as well as other industries, first back on March 20th, 2026. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/the-iranian-conflict-leads-to-the-latest-attack-on-ot-production-aria-cybersecurity/
-
State-sponsored threats: Different objectives, similar access paths
A look at 2025 state-sponsored threats, exploring how actors linked to China, Russia, North Korea, and Iran use vulnerabilities, identity, and trusted access paths to achieve their goals. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/state-sponsored-threats-different-objectives-similar-access-paths/
-
Cyber Inspector: Hybrid Attacks Continue to Increase
Germany is in the sights of state-backed hackers. Hybrid attacks on critical infrastructure in Germany and on Bundeswehr troops abroad continue to increase. A noticeable rise has been recorded since 2022 at the latest, said the Bundeswehr's Inspector of the Cyber and Information Domain Service, Vice Admiral Thomas Daum, at a press event at the NATO cyber defense exercise "Locked Shields" in Kalkar on the Lower Rhine. Cyberattacks against the Bundeswehr were directed at data centers in…
-
Iran-Linked CyberAv3ngers Target Water Utilities, Industrial Controllers
Iran-linked threat group CyberAv3ngers is intensifying attacks on U.S. water utilities and industrial control systems, shifting from noisy hacktivism to sustained disruption of operational technology (OT) environments. CyberAv3ngers operates as a state-directed persona for Iran’s Islamic Revolutionary Guard Corps Cyber-Electronic Command (IRGC-CEC), not as an independent hacktivist crew. U.S. Treasury sanctions in February 2024 named six IRGC-CEC…
-
Iran-linked group Handala claims to have breached three major UAE organizations
Iran-linked group Handala claims to have breached three major UAE organizations: Dubai Courts, Dubai Land Department, and Dubai Roads & Transport Authority. The group Handala claimed a major cyberattack against the UAE, targeting Dubai Courts Department, Dubai Land Department, and Dubai Roads and Transport Authority. They alleged destroying 6 petabytes of data and stealing 149 TB…
-
Security Affairs newsletter Round 572 by Pierluigi Paganini INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Censys finds 5,219 devices exposed to attacks by Iranian APTs, majority in U.S. GlassWorm evolves with…
-
Censys finds 5,219 devices exposed to attacks by Iranian APTs, majority in U.S.
Tags: apt, attack, automation, cisa, cyberattack, data-breach, exploit, infrastructure, Internet, iran, technology, threat
Censys researchers found 5,219 exposed Rockwell PLCs online, mostly in the U.S., urging defenders to secure or disconnect them. On April 7, 2026, U.S. agencies, including FBI, CISA, and NSA, warned of Iran-linked APTs exploiting internet-exposed Rockwell Automation PLCs. Threat actors are carrying out cyberattacks targeting internet-connected operational technology (OT) across multiple critical infrastructure sectors.…
-
Your Push Notifications Aren’t Safe From the FBI
Plus: Iran’s internet blackout hits the 1,000-hour mark, cryptocurrency scams result in a record amount of money stolen from Americans, and more. First seen on wired.com Jump to article: www.wired.com/story/security-news-this-week-your-push-notifications-arent-safe-from-the-fbi/
-
News brief: Iran cyberattacks escalate, U.S. targets named
Check out the latest security news from the Informa TechTarget team. First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366641212/News-brief-Iran-cyberattacks-escalate-US-targets-named
-
Stryker warns of earnings fallout from March cyberattack
The medtech company was targeted in a wiper attack linked to an Iran-sponsored threat group. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/stryker-Iran-cyberattack-material-impact-earnings/817211/
-
Nearly 4K industrial control devices vulnerable to Iran-linked hacking campaign
A research firm tallied the internet-exposed devices Iran is targeting and recommended mitigations for any infrastructure operator using them. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/critical-infrastucture-plcs-iran-hacking-censys/817209/
-
Nearly 4,000 US industrial devices exposed to Iranian cyberattacks
The attack surface targeted by Iranian-linked hackers in cyberattacks against U.S. critical infrastructure networks includes thousands of Internet-exposed programmable logic controllers (PLCs) manufactured by Rockwell Automation. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/nearly-4-000-us-industrial-devices-exposed-to-iranian-cyberattacks/
-
Nearly 4,000 industrial control devices vulnerable to Iran-linked hacking campaign
A research firm tallied the internet-exposed devices Iran is targeting and recommended mitigations for any infrastructure operator using them. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/critical-infrastucture-plcs-iran-hacking-censys/817209/
-
Iranian APT alert: 5,219 Rockwell PLCs exposed online
Censys has warned that more than 5,000 Rockwell Automation/Allen-Bradley PLCs are currently exposed to the internet as Iranian-affiliated APT actors actively target these devices across U.S. critical infrastructure. The same operators were previously associated with a November 2023 campaign that compromised at least 75 Unitronics PLCs in U.S. water and wastewater facilities, showing a continuing…
-
Iran Crisis Highlights Rising Gulf Cybersecurity Risks to Critical Infrastructure
The Persian Gulf is a strategically sensitive region due to energy reserves, maritime trade routes, and ongoing geopolitical rivalries. The recent escalation involving Iran and regional adversaries has reinforced instability in the region and highlighted the growing relevance of Gulf cybersecurity, alongside traditional security concerns. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/iran-crisis-gulf-cybersecurity-middle-east/
-
MuddyWater Uses Russian MaaS in New ChainShell Attack
MuddyWater is now weaponizing a Russian malware-as-a-service (MaaS) platform to run a new operation dubbed “ChainShell”, blending Iranian state targeting with commercially developed cybercrime tooling. The assessment is based on a misconfigured command-and-control (C2) web server, 15 malware samples, and a previously undocumented JavaScript/Node.js payload named ChainShell. Investigators conclude that MuddyWater is running at least…
-
What to Know About CyberAv3ngers: The IRGC-Linked Group Targeting Critical Infrastructure
Tags: access, advisory, ai, attack, authentication, automation, backup, cctv, chatgpt, cisa, communications, compliance, control, credentials, crypto, cve, cyber, cybersecurity, data, data-breach, defense, detection, dns, email, exploit, finance, firewall, flaw, government, group, healthcare, infrastructure, intelligence, international, Internet, iot, iran, kev, leak, linux, malicious, malware, mitigation, mitre, monitoring, network, office, openai, password, radius, resilience, risk, router, service, siem, software, strategy, switch, technology, threat, tool, update, vpn, vulnerability, vulnerability-management
An Iran-affiliated threat group has evolved from defacing water utility displays to deploying custom ICS malware and exploiting Rockwell Automation PLCs across multiple U.S. critical infrastructure sectors. Key takeaways: CyberAv3ngers is a state-directed threat group operating under Iran’s IRGC Cyber-Electronic Command. The U.S. Treasury sanctioned six named officials in February 2024 and the State Department…
-
Iranian attacks on US critical infrastructure puts 3,900 devices in crosshairs
Censys researchers warned that thousands of devices are exposed to the Iranian government’s campaign targeting energy, water, and U.S. government services and facilities. First seen on cyberscoop.com Jump to article: cyberscoop.com/iran-attackers-industrial-ot-government-energy-water-censys/
-
Do Ceasefires Slow Cyberattacks? History Suggests Not
The cybersecurity community is waiting with bated breath to see if Iranian hackers will honor a ceasefire that doesn’t actually name or directly involve them. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-analytics/ceasefires-slow-cyberattacks-history
-
Trump’s Proposed $707 Million CISA Budget Cut a ‘Gift to Nation-State Actors’
The Trump Administration wants to strip $707 million from CISA as it looks to narrow the scope of the security agency, but cybersecurity experts are saying that such cuts are a strategic mistake at a time when threat groups linked to China, Iran, and other nation-states are increasingly targeting U.S. critical infrastructure. First seen on…
-
NERC is ‘actively monitoring the grid’ following Iran-linked cyber threat
Hackers have disrupted critical U.S. infrastructure by targeting programmable logic controllers, the Cybersecurity and Infrastructure Security Agency warned. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/nerc-cisa-iran-war-cyber-hacking/817079/
-
Human Risk in Geopolitical Conflict: Iran War Lessons
Nisos: The war in the Middle East that began on February 28th has dominated headlines, disrupted markets, and forced boardrooms into emergency conversations about exposure… First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/human-risk-in-geopolitical-conflict-iran-war-lessons/
-
Iran-linked hackers disrupt operations at US critical infrastructure sites
As the US and Israel’s war has ramped up, so too have hacks on US industrial sites. First seen on arstechnica.com Jump to article: arstechnica.com/security/2026/04/iran-linked-hackers-disrupt-operations-at-us-critical-infrastructure-sites/
-
Iran-linked hackers target water, energy in US, FBI and CISA warn
Nation-state actors have exploited flaws in industrial programmable logic controllers, leading to disruption and financial losses. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/iran-linked-hackers-targeting-water-energy-in-us-fbi-and-cisa-warn/816949/
-
Iranian Threat Actors Target U.S. Critical Infrastructure
Iranian attackers are targeting U.S. critical infrastructure by exploiting PLCs with legitimate tools, enabling stealthy disruption of industrial systems. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/iranian-threat-actors-target-u-s-critical-infrastructure/
-
Iranian Threat Actors Disrupt US Critical Infrastructure Via Exposed PLCs
Attackers compromised Internet-facing OT devices and caused file and display manipulation, operational disruption, and financial losses across sectors. First seen on darkreading.com Jump to article: www.darkreading.com/ics-ot-security/iranian-threat-actors-us-critical-infrastructure-exposed-plcs
-
Iranian Attackers Are Targeting U.S. Energy, Water Systems, Federal Agencies Say
CISA, the FBI, and other U.S. security agencies are warning that Iran-linked threat groups like CyberAv3ngers are compromising industrial controllers like PLCs to attack critical infrastructure operations in such sectors as water and energy, part of the expanding cyber warfare in the wake of the U.S. and Israeli bombing campaign of the Middle Eastern country.…

