Ethical Hacking News
The US government has warned of a growing threat posed by Iranian hackers targeting critical infrastructure organizations, highlighting the need for robust cybersecurity measures to protect US operations from disruption. The recent attack on Stryker shows the potential consequences of such attacks: approximately 80,000 devices, including employees' mobile devices and company-managed personal computers, were wiped from the company's network.
The US government has warned of a growing threat from Iranian-affiliated hackers targeting critical infrastructure organizations. The warning, issued jointly by the FBI, CISA, NSA, EPA, DOE, and US Cyber Command, describes attacks on the operations of critical infrastructure sectors. The attackers are believed to be part of a larger campaign aimed at causing disruption, including manipulating the data shown on HMI and SCADA displays. CyberAv3ngers, a threat group affiliated with the Iranian Government's Islamic Revolutionary Guard Corps (IRGC), has been exploiting vulnerabilities in US-based Unitronics operational technology (OT) systems. The attacks have caused financial losses and operational disruption for affected organizations, including a recent attack on Stryker. Network defenders are advised to disconnect PLCs from the Internet or place them behind a firewall, implement multifactor authentication, and monitor network traffic for suspicious activity. The attacks are believed to be a response to hostilities between Iran and the United States and Israel. US critical infrastructure organizations must take proactive measures to secure their networks and systems against such threats.
The recent warning issued by the US government regarding Iranian hackers targeting critical infrastructure organizations has sent shockwaves throughout the nation's capital. The alert, issued jointly by the FBI, CISA, NSA, EPA, DOE, and US Cyber Command's Cyber National Mission Force (CNMF), warns of a growing threat from Iranian-affiliated APT actors who are attempting to disrupt the operations of critical infrastructure sectors.
The FBI assesses that these attacks are part of a larger campaign aimed at causing disruption, including maliciously interacting with project files and manipulating the data shown on HMI and SCADA displays. The agency has identified that the CyberAv3ngers threat group, affiliated with the Iranian Government's Islamic Revolutionary Guard Corps (IRGC), has been exploiting vulnerabilities in US-based Unitronics operational technology (OT) systems.
Between November 2023 and January 2024, CyberAv3ngers hackers compromised at least 75 Unitronics PLC devices across multiple waves of cyberattacks, half of them in water and wastewater systems (WWS) critical infrastructure networks. The attacks resulted in financial losses and operational disruption for the affected organizations.
The warning issued by the US government has highlighted the growing threat posed by Iranian hackers to US national security. The attacks are believed to be a response to hostilities between Iran and the United States and Israel.
To defend against such attacks, network defenders are advised to disconnect PLCs from the Internet or place them behind a firewall, scan logs for the indicators of compromise shared in the joint advisory, and check for suspicious traffic on OT ports (especially traffic originating from overseas hosting providers). Implementing multifactor authentication (MFA) for access to the OT network, keeping PLCs up to date with the latest available firmware, disabling all unused services and authentication methods (such as default authentication keys), and monitoring network traffic for suspicious activity are also recommended.
The recent attack on US medical giant Stryker by an Iranian-linked hacktivist group, which wiped approximately 80,000 devices from the company's network, including employees' mobile devices and company-managed personal computers, shows the potential consequences of such attacks. The FBI has also warned that Iranian hackers linked to the country's Ministry of Intelligence and Security (MOIS) are using Telegram in malware attacks.
The growing threat posed by Iranian hackers to US national security is a pressing concern for the nation's critical infrastructure organizations. The recent warning issued by the US government highlights the need for these organizations to take proactive measures to defend against such attacks. By implementing robust cybersecurity measures and staying vigilant, US critical infrastructure organizations can reduce the risk of disruptions and protect their operations from malicious actors.
In conclusion, the recent warning regarding Iranian hackers targeting critical infrastructure organizations serves as a reminder of the growing threat posed by state-sponsored attackers to US national security. With the attacks believed to be a response to hostilities between Iran and the United States and Israel, and with the Stryker wiper incident and the MOIS-linked Telegram malware campaigns showing what such actors can do, US critical infrastructure organizations must take proactive measures to secure their networks and systems: implementing multifactor authentication, keeping PLCs up to date with the latest available firmware, disabling all unused services and authentication methods, and monitoring network traffic for suspicious activity. Organizations that remain vigilant and apply these measures can reduce the risk of disruption and protect their operations from malicious actors.
In light of this growing threat, it is essential that US policymakers take a comprehensive approach to addressing the issue. This includes providing funding for cybersecurity initiatives, supporting research into new technologies and methods for detecting and mitigating cyber threats, and enhancing cooperation between government agencies and private sector organizations to share intelligence and best practices.
By taking a proactive and coordinated approach to this growing threat, US policymakers can help ensure that US critical infrastructure remains secure against attacks by Iranian hackers.
Related Information:
https://www.ethicalhackingnews.com/articles/Iranian-Hackers-Target-Critical-Infrastructure-A-Growing-Concern-for-US-National-Security-ehn.shtml
https://www.bleepingcomputer.com/news/security/us-warns-of-iranian-hackers-targeting-critical-infrastructure/
https://www.usnews.com/news/world/articles/2026-04-07/iranian-hackers-targeting-of-us-critical-infrastructure-has-escalated-since-start-of-war-us-says
https://attack.mitre.org/groups/G1027/
https://apt.etda.or.th/cgi-bin/showcard.cgi?g=CyberAv3ngers
Published: Tue Apr 7 13:58:24 2026 by llama3.2 3B Q4_K_M