惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

C
Check Point Blog
S
Schneier on Security
P
Privacy & Cybersecurity Law Blog
S
Security @ Cisco Blogs
W
WeLiveSecurity
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
Microsoft Azure Blog
Microsoft Azure Blog
NISL@THU
NISL@THU
T
Troy Hunt's Blog
L
LangChain Blog
L
LINUX DO - 最新话题
T
The Exploit Database - CXSecurity.com
Engineering at Meta
Engineering at Meta
N
News and Events Feed by Topic
A
About on SuperTechFans
N
Netflix TechBlog - Medium
P
Proofpoint News Feed
MyScale Blog
MyScale Blog
Martin Fowler
Martin Fowler
Y
Y Combinator Blog
H
Heimdal Security Blog
aimingoo的专栏
aimingoo的专栏
T
Threat Research - Cisco Blogs
SecWiki News
SecWiki News
Microsoft Security Blog
Microsoft Security Blog
T
Tenable Blog
P
Proofpoint News Feed
H
Hacker News: Front Page
G
GRAHAM CLULEY
I
Intezer
V
V2EX
S
Secure Thoughts
Stack Overflow Blog
Stack Overflow Blog
H
Help Net Security
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
人人都是产品经理
人人都是产品经理
博客园 - 聂微东
Latest news
Latest news
Recent Announcements
Recent Announcements
Hugging Face - Blog
Hugging Face - Blog
腾讯CDC
博客园_首页
Webroot Blog
Webroot Blog
博客园 - 三生石上(FineUI控件)
AI
AI
N
News | PayPal Newsroom
Google DeepMind News
Google DeepMind News
Security Archives - TechRepublic
Security Archives - TechRepublic
B
Blog RSS Feed
美团技术团队

Lohrmann on Cybersecurity

On AI Ethics: Why Prompt Engineering Needs a Moral Compass Navigating NIST’s New Cybersecurity AI Frontier AI at Work: Employees Aren’t Waiting for Permission AI, Mind Reading and Microchip Brain Implants The Global State of Technology Risk in 2026 The Mythos Race: Trump’s New EO and Glasswing’s Expansion How New College Grads Can Succeed in an AI Economy Protecting People and Infrastructure: A 2026 World Cup Security Preview ‘CI Fortify’ Is the New Road Map for State and Local Resilience A Tale of Two States: The 2026 Cybersecurity Paradox The Great Stay: Why Tech Talent Is Choosing Stability Over Salary A History of Global Hacking — and Where It’s Going Next Why Anthropic’s Mythos Is a Systemic Shift for Global Cybersecurity Post-Quantum Cryptography: Moving From Awareness to Execution RSAC 2026 Highlights: From Agentic AI to Active Defense What Is Physical AI, and What Does It Mean for Government? New Federal Strategies, Rising Risk From Iran Top Cyber Themes Securing Critical Infrastructure in a Time of War From Michigan to Silicon Valley: A Conversation With Mohamad Yassine Defending Your Castle: Best Practices for Smart Home Security Your Smart Home Is Watching You: Privacy in the Age of AI Robots How Global Power Struggles Are Rewriting Cyber Defense After TikTok: Navigating the Complex Web of Foreign Tech Bans
No Longer Invisible: When Cyber Attacks Go Physical
https://www.govtech.com/authors/dan-lohrmann.html · 2026-05-31 · via Lohrmann on Cybersecurity

Back on May 11, 2026, Polish ABW (the country’s internal security agency) warned the world that cyber attacks were "shifting from espionage and data theft toward physical disruption of critical infrastructure." Here’s an excerpt from that article:

“Security researchers say the mechanics behind many of these attacks are often far less sophisticated than commonly imagined. Rather than relying on advanced malware or rare zero-day vulnerabilities, attackers frequently exploit poorly secured industrial systems exposed to the internet, including devices protected by default passwords or outdated configurations.

”Small utilities are proving especially vulnerable. Experts note that attackers often view smaller municipalities as attractive targets because they typically lack mature cybersecurity defenses while still offering symbolic and psychological impact if disrupted. In many cases, obscurity no longer acts as protection. Instead, it reduces the effort required to identify and compromise vulnerable systems.


"Growing role of artificial intelligence is adding another layer of concern for defenders. In November, Anthropic disclosed that Chinese state-sponsored operators had used AI extensively during a campaign targeting roughly 30 organizations worldwide, with AI reportedly handling between 80 and 90 percent of operational tasks during the intrusion lifecycle.

“Industrial cybersecurity firm Dragos revealed details of an attempted intrusion involving a municipal water utility serving the Monterrey metropolitan area. According to the company, a commercially available AI system was able to identify industrial control systems within the target network even without prior operational technology or industrial control systems expertise.”

ROUNDUP: CRITICAL INFRASTRUCTURE CYBER ATTACKS

The topic of cyber attacks against critical infrastructure has received renewed attention this past week with widely reported news about an "LA Metro cyberattack linked to Iranian state-sponsored hackers." Here’s more on that:

“The Los Angeles County Metropolitan Transportation Authority (LACMTA), widely known as LA Metro, discovered a breach in mid-March. The cybersecurity incident led to internal operational disruptions at LA Metro, but did not impact rail and bus services. 

“LA Metro representatives said in early April that hundreds of servers had to be checked for signs of compromise before they could be brought back online. 

“A few days later, the attack on LA Metro was claimed by Ababil of Minab, which purports to be a pro-Iran hacktivist group. The threat actor allegedly wiped hundreds of terabytes of data and exfiltrated more than 1TB worth of files.”

Also this week, a company called Gambit Security released a detailed report covering the cyber attack methods used, as well as describing similar attacks overseas and against the South Florida Regional Transportation Authority.

In addition, back on April 7, several U.S. agencies — including the Cybersecurity and Infrastructure Security Agency (CISA), the FBI, the National Security Agency and other agencies — warned Iranian-affiliated cyber actors were exploiting programmable logic controllers across U.S. critical infrastructure.

“The authoring agencies assess a group of Iranian-affiliated advanced persistent threat (APT) actors is conducting this activity to cause disruptive effects within the United States. The group has targeted devices spanning multiple U.S. critical infrastructure sectors, including Government Services and Facilities (to include local municipalities), Water and Wastewater Systems (WWS), and Energy Sectors. The authoring agencies previously reported on similar activity targeting PLCs by CyberAv3ngers (aka Shahid Kaveh Group)—a cyber threat actor affiliated with Iran’s Islamic Revolutionary Guard Corps (IRGC) Cyber Electronic Command (CEC).”

Earlier this month, CNN reported that U.S. officials suspected that it was Iranian threat groups that breached automatic tank gauges at gas stations across the United States in operations that didn’t cause damage but raised many concerns nationwide.

Here are some more examples of escalating cyber attacks against critical infrastructure in the first half of 2026:

1. The Stryker Corporation Wiping Attack (March 2026)

  • Target Sector: Healthcare and Public Health/Medical Technology
  • The Incident: In March 2026, major medical technology giant Stryker was hit by a devastating, destructive cyber attack attributed to an Iran-aligned hacktivist group. Rather than a standard ransomware attack aimed at extorting money, this was a kinetic “wiper” attack. Employees watched as corporate systems and computers were wiped in real time, forcing entire offices to shut down operations and exposing the severe vulnerability of the healthcare supply chain to geopolitically motivated disruption.

2. The Continued “Salt Typhoon” Telecom Infiltration (Q1 2026)

  • Target Sector: Communications/Information Technology
  • The Incident: While initiated by China-aligned actors rather than Iran, FBI and CISA briefings in early 2026 confirmed that the massive “Salt Typhoon” campaign had successfully maintained deep, persistent access inside U.S. telecommunications carriers and government communications. Security audits through March and April 2026 revealed that these hackers had effectively mapped out critical digital routing infrastructure, allowing them access to congressional communications and federal contracting databases.

3. Edge-Device Exploitation via UAT-7290 (Early 2026)

  • Target Sector: Information Technology/Cross-Sector
  • The Incident: Running parallel to the spring geopolitical tensions, a state-sponsored threat group designated as UAT-7290 aggressively targeted U.S. and allied telecommunications providers. They specifically exploited unpatched vulnerabilities in edge network devices (like Internet-facing firewalls and routers) to establish permanent malware footholds, giving foreign adversaries the ability to intercept or shut down data flows at a moment's notice.

4. Automated AI-Driven Ransomware Campaigns (Q1/Q2 2026)

  • Target Sector: Government Facilities/Water/Energy
  • The Incident: Spring 2026 marked a terrifying paradigm shift in how infrastructure was targeted. Threat intelligence reports highlighted the emergence of tools like the “Tsundere Bot” and AI-driven automated scanning. Hostile groups began using AI to autonomously handle network reconnaissance, scan U.S. municipal utilities for vulnerabilities, and execute credential theft without human intervention, resulting in a 62 percent higher cyber attack frequency in the U.S. compared to the global average.

5. Brightspeed Ransomware Attack (Early 2026)

  • Target Sector: Communications Internet Infrastructure
  • The Incident: Brightspeed, a major U.S. broadband and telecommunications provider servicing millions of residential and business customers across multiple states, suffered a severe ransomware breach. The attack targeted internal infrastructure, disrupting back-end operations and highlighting how vulnerable the localized U.S. Internet grid is to supply-chain and service-provider extortion.

FINAL THOUGHTS

Also this past week, we received more chilling news from the U.K. spy chief. Her message is that "Time is running out for the West to confront threats from Russia and China":

“In a rare public speech, Anne Keast-Butler, the director of GCHQ — the U.K.’s intelligence, cyber and security agency — will say Britain is at a ‘moment of consequence,’ with the country facing increasingly brazen behavior from hostile nations.”

“‘The ground beneath our feet is shifting,’ as AI continues to develop swiftly, with new technologies creating a ‘narrowing window for the U.K. and allies to stay ahead.’”

These events taken in total mean that the new normal has shifted when it comes to cyber attacks against critical infrastructure sectors. State and local governments, utilities and others defending these key systems need to be prepared. And even though the Iran war may be winding down, the cyber attacks affecting key physical assets from global nation-states are just getting started.

Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist, keynote speaker and author.