CISA Warns Iranian Cyber Actors May Attack U.S. Critical Infrastructure

The most concerning aspect of Iranian cyber operations involves their systematic targeting of operational technology networks and industrial control systems across multiple critical infrastructure sectors. When targeting operational technology environments, attackers utilize specialized system engineering and diagnostic tools to compromise critical infrastructure components including programmable logic controllers, human machine interfaces, and third-party monitoring systems. The threat actors demonstrated advanced understanding of industrial processes, using legitimate system engineering tools to maintain persistence within operational technology environments while avoiding detection by traditional cybersecurity monitoring systems.

The Cybersecurity and Infrastructure Security Agency (CISA), along with the FBI, Department of Defense Cyber Crime Center, and National Security Agency, has issued an urgent warning regarding potential cyber attacks by Iranian-affiliated actors targeting U.S. critical infrastructure. Iranian cyber groups have demonstrated a consistent pattern of exploiting vulnerable systems through sophisticated attack vectors that leverage both technical vulnerabilities and social engineering tactics.

Between November 2023 and January 2024, Iranian Islamic Revolutionary Guard Corps-affiliated actors conducted a global campaign against Israeli-manufactured programmable logic controllers and human machine interfaces, resulting in dozens of compromised U.S. victims across water and wastewater, energy, food and beverage manufacturing, and healthcare sectors. Despite ongoing ceasefire negotiations and diplomatic efforts, these threat actors continue to pose significant risks to American networks and systems, particularly those within the Defense Industrial Base sector.
These malicious actors routinely target poorly secured networks and internet-connected devices, focusing on systems with unpatched software containing known Common Vulnerabilities and Exposures (CVEs) or devices protected only by default manufacturer passwords. Recent campaigns demonstrate the evolving sophistication of Iranian cyber operations, with attackers conducting coordinated hack-and-leak operations combined with information warfare tactics. CISA analysts identified that these threat actors have increasingly focused on Defense Industrial Base companies, particularly those maintaining relationships or holdings with Israeli research and defense organizations. These attacks specifically exploited internet-connected industrial control systems that utilized factory-default passwords or remained completely unprotected, accessing systems through default Transmission Control Protocol ports.

This Cyber News was published on cybersecuritynews.com. Publication date: Tue, 01 Jul 2025 07:30:14 +0000

