Iran's Cyber Crosshairs Focus Beyond Critical Infrastructure
Obscurity isn't a defense. If your company has any Internet-facing vulnerability, you're at risk from multiple threats.
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Obscurity isn't a defense. If your company has any Internet-facing vulnerability, you're at risk from multiple threats.
The Iranian state-sponsored threat actor known as Nimbus Manticore (aka Screening Serpens and UNC1549) has been attributed to a fresh campaign using lures impersonating organizations in the aviation and software sectors across the U.S., Europe, and the Middle East following the joint U.S.-Israeli military campaign against the country in late February 2026
As the war with Iran continues, breach attempts targeting the United Arab Emirates tripled in a few weeks — many targeting critical infrastructure.
The attack surface targeted by Iranian-linked hackers in cyberattacks against U.S. critical infrastructure networks includes thousands of Internet-exposed programmable logic controllers (PLCs) manufactured by Rockwell Automation. [...]
Censys researchers warned that thousands of devices are exposed to the Iranian government’s campaign targeting energy, water, and U.S. government services and facilities. The post Iranian attacks on US critical infrastructure puts 3,900 devices in crosshairs appeared first on CyberScoop.
Attackers compromised Internet-facing OT devices and caused file and display manipulation, operational disruption, and financial losses across sectors.
CISA has revealed Iranian attacks causing disruption and financial loss at US critical infrastructure firms
President Brad Smith tells an interviewer that Microsoft is reconsidering datacenter design in light of Iran war Microsoft is reevaluating how it designs and builds datacenters in conflict-prone regions after Iran began targeting Middle Eastern bit barns in retaliation for US military operations.…
Iran-affiliated cyber actors are targeting internet-facing operational technology (OT) devices across critical infrastructures in the U.S., including programmable logic controllers (PLCs), cybersecurity and intelligence agencies warned Tuesday
CISA: Iran-Linked Groups Actively Exploiting OT Exposure Risks, PLC ProgrammersFederal agencies are warning that Iranian-linked actors have begun actively exploiting internet-facing PLCs and misconfigured OT systems across U.S. critical infrastructure, enabling network access, lateral movement and potential disruption amid rising geopolitical tensions.
Iranian-linked hackers are targeting Internet-exposed Rockwell/Allen-Bradley programmable logic controllers (PLCs) on the networks of U.S. critical infrastructure organizations. [...]
Experts Cite Prepositioning Risk in Iranian Cyber Operations Amid Escalating WarWarnings from Iranian-linked hacking groups targeting U.S. water systems highlight a growing risk of prepositioned cyber access and rapid attack activation, analysts told ISMG, as federal defenders confront rising geopolitical tensions and operational strain across critical infrastructure sectors.
Experts Cite Prepositioning Risk in Iranian Cyber Operations Amid Escalating WarWarnings from Iranian-linked hacking groups targeting U.S. water systems highlight a growing risk of prepositioned cyber access and rapid attack activation, analysts told ISMG, as federal defenders confront rising geopolitical tensions and operational strain across critical infrastructure sectors.
Also, Russian Signal Phishing, Iran-Linked Malware, Breaches in Spain and FranceThis week, Tycoon 2FA, Trio-Tech, messaging app spying and a ransomware broker sentenced. Iran-linked hackers. Mazda disclosed a breach. Oracle patched a flaw. North Korean actors weaponized VS Code, a Spanish port ransomware attack, a French teacher data breach and a healthcare firm victim surge.
Also: CISA Protocol Concerns, AI Agents Push Past Cybersecurity ControlsIn this week's panel, four ISMG editors unpacked the cyber dimensions of the Stryker attack amid the escalating Iran-Israel-U.S. tensions, the growing controversy around CISA leadership and alleged protocol breaches, and a new set of concerns related to AI agents bypassing security controls.
The European Union Council has announced sanctions against three entities and two individuals for their involvement in cyberattacks targeting critical infrastructure in the region. [...]
Medical Device Manufacturer Hack Was Likely OpportunisticAn Iranian cyberattack on medical device maker Stryker's internal IT environment does not appear to affect connected products used by the company's healthcare clients. But an outage of Stryker's electronic ordering system could lead to supply chain issues for its customers.
Healthcare Hit Shows Symbols Matter as Iran Shifts Focus to Economic DamageCybersecurity experts say that the Handala "hacktivist" group that claimed credit for attacks against two American firms on Wednesday is run by the Iranian government. The shift to destructive cyberattacks parallels Iran's attempt to inflict greater economic damage on the United States and allies.
Cyber is no longer the hush-hush thing it used to be, as team Trump invades Iran with hackers taking the lead Kettle Unlike previous military conflicts, the cyber domain has been front and center since the Trump administration invaded Iran, upending the traditionally quiet role played by hackers in military conflicts.…
MOIS-linked MuddyWater crew has a new, custom implant An Iranian cyber crew believed to be part of the Iranian Ministry of Intelligence and Security (MOIS) has been embedded in multiple US companies' networks - including a bank, software firm, and airport, among others - since the beginning of February, with more activity in the days following the US and Israeli military strikes, according to security researchers.…