Iran-linked proxy cyber-physical device scanning campaign
Campaign
Summary
Iran-linked proxies are widening scans for vulnerable cyber-physical devices, increasing the risk of opportunistic access across specific countries and the private sector. The focus includes IP cameras and industrial control systems, which can provide direct visibility into sensitive environments. The shift suggests a broader campaign to find exposed devices that can be used for reconnaissance or later access.
Related Happenings
NCSC-UK joint advisory on covert botnets and proxy networks
Public Sector Action
First: 23.04.2026 15:28
Last: 23.04.2026 15:28
Sources 1
About this happening:
**NCSC-UK** and partner agencies issued a **joint advisory** warning that **China-nexus hackers** are using **hijacked consumer devices** as covert proxy networks to hide maliciou...
China-nexus hijacked-device proxy network campaign
Campaign
First: 23.04.2026 15:28
Last: 23.04.2026 15:28
Sources 1
About this happening:
China-nexus hackers are **increasingly using** large-scale proxy networks of hijacked consumer devices to **evade detection**, making malicious traffic harder to trace and block....
Internet-exposed Rockwell Automation/Allen-Bradley PLCs concentrated in the United States
Target Trend
First: 10.04.2026 18:52
Last: 10.04.2026 18:52
Sources 1
About this happening:
A measured exposure pattern shows **5,219** internet-facing **Rockwell Automation/Allen-Bradley** PLC hosts worldwide, expanding the attack surface for **industrial control** netw...
Iranian-affiliated US CNI OT attack campaign
Campaign
First: 08.04.2026 11:15
Last: 08.04.2026 11:15
Sources 1
About this happening:
An **Iranian-affiliated** campaign is actively targeting **US critical national infrastructure providers**, creating **operational disruption** and **financial loss** across multi...
Iranian-linked PLC targeting campaign against U.S. critical infrastructure
Campaign
First: 07.04.2026 21:02
Last: 07.04.2026 21:02
Sources 1
About this happening:
Iranian-linked hackers are actively targeting **Internet-exposed Rockwell/Allen-Bradley PLCs** on **U.S. critical infrastructure** networks, increasing the risk of operational dis...
Timeline
- 27.03.2026 16:42 2 articles · 2mo ago
Iran-linked proxies widen scans for exposed IP cameras and controllers
Campaign Scope Update
Iran-linked proxies are widening scans for vulnerable cyber-physical devices, especially IP cameras and industrial control systems such as SCADA and PLCs, across specific countries and the private sector. The activity targets exposed devices that can provide direct visibility into sensitive areas, with unpatched systems and default manufacturing credentials increasing the likelihood of compromise.
- Wartime Usage of Compromised IP Cameras Highlight Their Danger — www.darkreading.com — 27.03.2026 16:42