
















Back on May 11, 2026, Polish ABW (the country’s internal security agency) warned the world that cyber attacks were "shifting from espionage and data theft toward physical disruption of critical infrastructure." Here’s an excerpt from that article:
“Security researchers say the mechanics behind many of these attacks are often far less sophisticated than commonly imagined. Rather than relying on advanced malware or rare zero-day vulnerabilities, attackers frequently exploit poorly secured industrial systems exposed to the internet, including devices protected by default passwords or outdated configurations.
”Small utilities are proving especially vulnerable. Experts note that attackers often view smaller municipalities as attractive targets because they typically lack mature cybersecurity defenses while still offering symbolic and psychological impact if disrupted. In many cases, obscurity no longer acts as protection. Instead, it reduces the effort required to identify and compromise vulnerable systems.
"Growing role of artificial intelligence is adding another layer of concern for defenders. In November, Anthropic disclosed that Chinese state-sponsored operators had used AI extensively during a campaign targeting roughly 30 organizations worldwide, with AI reportedly handling between 80 and 90 percent of operational tasks during the intrusion lifecycle.
“Industrial cybersecurity firm Dragos revealed details of an attempted intrusion involving a municipal water utility serving the Monterrey metropolitan area. According to the company, a commercially available AI system was able to identify industrial control systems within the target network even without prior operational technology or industrial control systems expertise.”
The topic of cyber attacks against critical infrastructure has received renewed attention this past week with widely reported news about an "LA Metro cyberattack linked to Iranian state-sponsored hackers." Here’s more on that:
“The Los Angeles County Metropolitan Transportation Authority (LACMTA), widely known as LA Metro, discovered a breach in mid-March. The cybersecurity incident led to internal operational disruptions at LA Metro, but did not impact rail and bus services.
“LA Metro representatives said in early April that hundreds of servers had to be checked for signs of compromise before they could be brought back online.
“A few days later, the attack on LA Metro was claimed by Ababil of Minab, which purports to be a pro-Iran hacktivist group. The threat actor allegedly wiped hundreds of terabytes of data and exfiltrated more than 1TB worth of files.”
Also this week, a company called Gambit Security released a detailed report covering the cyber attack methods used, as well as describing similar attacks overseas and against the South Florida Regional Transportation Authority.
In addition, back on April 7, several U.S. agencies — including the Cybersecurity and Infrastructure Security Agency (CISA), the FBI, the National Security Agency and other agencies — warned Iranian-affiliated cyber actors were exploiting programmable logic controllers across U.S. critical infrastructure.
“The authoring agencies assess a group of Iranian-affiliated advanced persistent threat (APT) actors is conducting this activity to cause disruptive effects within the United States. The group has targeted devices spanning multiple U.S. critical infrastructure sectors, including Government Services and Facilities (to include local municipalities), Water and Wastewater Systems (WWS), and Energy Sectors. The authoring agencies previously reported on similar activity targeting PLCs by CyberAv3ngers (aka Shahid Kaveh Group)—a cyber threat actor affiliated with Iran’s Islamic Revolutionary Guard Corps (IRGC) Cyber Electronic Command (CEC).”
Earlier this month, CNN reported that U.S. officials suspected that it was Iranian threat groups that breached automatic tank gauges at gas stations across the United States in operations that didn’t cause damage but raised many concerns nationwide.
Here are some more examples of escalating cyber attacks against critical infrastructure in the first half of 2026:
1. The Stryker Corporation Wiping Attack (March 2026)
2. The Continued “Salt Typhoon” Telecom Infiltration (Q1 2026)
3. Edge-Device Exploitation via UAT-7290 (Early 2026)
4. Automated AI-Driven Ransomware Campaigns (Q1/Q2 2026)
5. Brightspeed Ransomware Attack (Early 2026)
Also this past week, we received more chilling news from the U.K. spy chief. Her message is that "Time is running out for the West to confront threats from Russia and China":
“In a rare public speech, Anne Keast-Butler, the director of GCHQ — the U.K.’s intelligence, cyber and security agency — will say Britain is at a ‘moment of consequence,’ with the country facing increasingly brazen behavior from hostile nations.”
“‘The ground beneath our feet is shifting,’ as AI continues to develop swiftly, with new technologies creating a ‘narrowing window for the U.K. and allies to stay ahead.’”
These events taken in total mean that the new normal has shifted when it comes to cyber attacks against critical infrastructure sectors. State and local governments, utilities and others defending these key systems need to be prepared. And even though the Iran war may be winding down, the cyber attacks affecting key physical assets from global nation-states are just getting started.
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。