Find notable cyber news and cases, enriched with sources, timelines, and signals.

Iran-linked proxy cyber-physical device scanning campaign

Campaign
First reported
Last updated
Happening score
H score 35
1 unique sources, 1 articles

Summary

Hide ▲

Iran-linked proxies are widening scans for vulnerable cyber-physical devices, increasing the risk of opportunistic access across specific countries and the private sector. The focus includes IP cameras and industrial control systems, which can provide direct visibility into sensitive environments. The shift suggests a broader campaign to find exposed devices that can be used for reconnaissance or later access.

Related Happenings

NCSC-UK joint advisory on covert botnets and proxy networks

Public Sector Action
H score66 First: 23.04.2026 15:28 Last: 23.04.2026 15:28 Sources 1

About this happening: **NCSC-UK** and partner agencies issued a **joint advisory** warning that **China-nexus hackers** are using **hijacked consumer devices** as covert proxy networks to hide maliciou...

China-nexus hijacked-device proxy network campaign

Campaign
H score43 First: 23.04.2026 15:28 Last: 23.04.2026 15:28 Sources 1

About this happening: **China-nexus** hackers are using **JDY**, a covert **SOHO/IoT** reconnaissance network, to expand **targeted scanning** and **service fingerprinting** across exposed infrastructu...

Internet-exposed Rockwell Automation/Allen-Bradley PLCs concentrated in the United States

Trend
H score32 First: 10.04.2026 18:52 Last: 10.04.2026 18:52 Sources 1

About this happening: A measured exposure pattern shows **5,219** internet-facing **Rockwell Automation/Allen-Bradley** PLC hosts worldwide, expanding the attack surface for **industrial control** netw...

Iranian-affiliated US CNI OT attack campaign

Campaign
H score33 First: 08.04.2026 11:15 Last: 08.04.2026 11:15 Sources 1

About this happening: An **Iranian-affiliated** campaign is actively targeting **US critical national infrastructure providers**, creating **operational disruption** and **financial loss** across multi...

Iranian-linked PLC targeting campaign against U.S. critical infrastructure

Campaign
H score38 First: 07.04.2026 21:02 Last: 07.04.2026 21:02 Sources 1

About this happening: Iranian-linked hackers are actively targeting **Internet-exposed Rockwell/Allen-Bradley PLCs** on **U.S. critical infrastructure** networks, increasing the risk of operational dis...

Timeline

  1. 27.03.2026 16:42 2 articles · 3mo ago

    Iran-linked proxies widen scans for exposed IP cameras and controllers

    Campaign Scope Update

    Iran-linked proxies are widening scans for vulnerable cyber-physical devices, especially IP cameras and industrial control systems such as SCADA and PLCs, across specific countries and the private sector. The activity targets exposed devices that can provide direct visibility into sensitive areas, with unpatched systems and default manufacturing credentials increasing the likelihood of compromise.

    Show sources