Iranian-affiliated US CNI OT attack campaign

Campaign
First reported
Last updated
Happening score
H score 35
1 unique source, 1 article

Summary

An Iranian-affiliated campaign is actively targeting US critical national infrastructure providers, creating operational disruption and financial loss across multiple sectors. The operation focuses on internet-facing OT assets, including Rockwell Automation/Allen-Bradley PLCs. It has also involved manipulation of HMI and SCADA displays, raising concerns about control-system integrity. The activity shows a continuing attempt to reach and influence industrial systems rather than a one-off intrusion.

Related Happenings

US government warning on Iran-affiliated critical infrastructure disruption risk

Public Sector Action
First: 18.05.2026 18:41 Last: 18.05.2026 18:41 Sources 1

About this happening: The **US government** warned that **Iran-affiliated threat actors** were disrupting **US critical infrastructure** through attacks on **Internet-exposed OT devices** across **mult...

CISA releases CI Fortify guidance for critical infrastructure resilience

Public Sector Action
First: 05.05.2026 15:00 Last: 05.05.2026 15:00 Sources 1

About this happening: CISA released CI Fortify, guidance for critical infrastructure operators across sectors to help keep essential services running during cyberattack or crisis conditions. The framew...

Latest development: 06.05.2026 16:15

CISA launched CI Fortify on Tuesday as a planning framework for critical infrastructure operators in water, energy, transportation and communications to prepare for cyber disruption by disconnecting OT systems from third-party and business networks, maintaining essential services in degraded communications conditions, and recovering compromised systems through backups, component replacement, or a transition to manual operations.

CISA-led zero-trust guide for OT environments

Public Sector Action
First: 30.04.2026 17:00 Last: 30.04.2026 17:00 Sources 1

About this happening: US government agencies led by **CISA** released **Adapting Zero Trust Principles to Operational Technology**, giving **OT operators** a framework to improve **critical infrastruct...

Internet-exposed Rockwell Automation/Allen-Bradley PLCs concentrated in the United States

Target Trend
First: 10.04.2026 18:52 Last: 10.04.2026 18:52 Sources 1

About this happening: A measured exposure pattern shows **5,219** internet-facing **Rockwell Automation/Allen-Bradley** PLC hosts worldwide, expanding the attack surface for **industrial control** netw...

Internet-facing Modbus OT devices with unauthenticated access remain exposed

Target Trend
First: 10.04.2026 16:30 Last: 10.04.2026 16:30 Sources 1

About this happening: **Internet-facing Modbus OT devices** remain exposed to **unauthenticated access**, with a scan finding **at least 179 devices** and highlighting a broader **critical-infrastructu...

Timeline

  1. 08.04.2026 11:15 2 articles · 1mo ago

    Iranian-affiliated US CNI OT attack campaign

    Initial Disclosure

    The campaign began last month by probing **internet-facing OT assets** in US infrastructure environments. Early activity centered on gaining controller access and manipulating operational displays, signaling a move from reconnaissance to disruptive control attempts.
