惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

C
Cybersecurity and Infrastructure Security Agency CISA
D
Darknet – Hacking Tools, Hacker News & Cyber Security
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
S
Schneier on Security
L
Lohrmann on Cybersecurity
S
Securelist
P
Palo Alto Networks Blog
SecWiki News
SecWiki News
T
Troy Hunt's Blog
H
Hacker News: Front Page
AWS News Blog
AWS News Blog
Latest news
Latest news
Hacker News - Newest:
Hacker News - Newest: "LLM"
NISL@THU
NISL@THU
The Hacker News
The Hacker News
F
Full Disclosure
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
大猫的无限游戏
大猫的无限游戏
O
OpenAI News
P
Proofpoint News Feed
Know Your Adversary
Know Your Adversary
G
GRAHAM CLULEY
博客园_首页
Attack and Defense Labs
Attack and Defense Labs
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
Security Latest
Security Latest
云风的 BLOG
云风的 BLOG
K
Kaspersky official blog
WordPress大学
WordPress大学
www.infosecurity-magazine.com
www.infosecurity-magazine.com
宝玉的分享
宝玉的分享
L
LINUX DO - 热门话题
博客园 - 叶小钗
L
LINUX DO - 最新话题
Martin Fowler
Martin Fowler
N
News | PayPal Newsroom
Project Zero
Project Zero
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
PCI Perspectives
PCI Perspectives
月光博客
月光博客
IT之家
IT之家
Recent Announcements
Recent Announcements
T
The Exploit Database - CXSecurity.com
D
DataBreaches.Net
J
Java Code Geeks
酷 壳 – CoolShell
酷 壳 – CoolShell
Last Week in AI
Last Week in AI
Google Online Security Blog
Google Online Security Blog
C
CXSECURITY Database RSS Feed - CXSecurity.com
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知

Truesec

Organized Cybercrime Merging with Other Crime - Truesec AI Used in Ransomware Attack The Fortibleed Campaign: Truesec's Experience Fortibleed: Truesec's Experience Supply Chain Attack Compromising Arch Linux AUR Packages with Infostealer and Rootkit - Truesec FortiNet SSO Vulnerability CVE-2025-59718 and CVE-2025-59719 Leading to Full System Compromise - Truesec Critical Vulnerabilities in Ivanti Sentry Allows Code Execution as Root (CVE-2026-10520 & CVE-2026-10523) Typosquatting: When Your Domain Is Used Against You AI in Cybersecurity: Separating Operational Reality from Speculation Compromised @redhat-Cloud-Services Npm Packages Distribute Credential-Stealing Worm GitHub Hacks Highlights Need for Repository Security Installation of a Syslog Log Collector Critical Cisco Secure Workload Vulnerability Allows Unauthenticated Site Admin Access (CVE-2026-20223) Securing IT, OT, and IoT When the Digital Meets the Physical Russia Rolls Out Surveillance Through State-Backed “Super App” MAX Device Code Phishing via Fake File-Sharing Invitation Active Exploitation of PAN‑OS Authentication Portal RCE - Truesec Windows Client Security Baselines: When Assumptions Meet Incident Response Reality - Truesec Entra ID Password Protection: From “P@ssw0rd” to Protected GitHub Under Attack: How Small Exposures Snowball into Large‑Scale Compromises European Risks Linked to the U.S. – Iran Conflict Mythos: What It Actually Means and What It Does Not Russian Espionage Campaign Targets Home Routers How Nordic Organizations Must Adjust Their Cybersecurity to a Changing Operating Environment Critical Vulnerability in “Ninja Forms – File Upload” WordPress Plugin (CVE-2026-07409) Remote Access – Is VPN the Almighty Solution? Malicious Axios Packages Published to npm in New Supply Chain Compromise RCE Vulnerability in F5 BIG-IP APM (CVE-2025-53521) No Further Increase in Iranian Cyber Operations Malicious PyPI Package – LiteLLM Supply Chain Compromise Dutch Intelligence Warns of Russian Campaign Against Signal and Whatsapp Users Multiple Vulnerabilities, One Critical, in Ubiquiti UniFi Network Application
Iranian APT Target US Critical Infrastructure
2026-04-10 · via Truesec

Threat Insight

On April 7, CISA, together with the FBI, NSA, and several other U.S. government agencies, issued a joint advisory regarding active exploitation of internet‑facing operational technology (OT) devices. The activity is focused on programmable logic controllers (PLCs) from Rockwell Automation / Allen‑Bradley, with the advisory noting that other PLC platforms may also be at risk. [1]

The advisory confirms that several U.S. critical infrastructure sectors have already experienced operational disruption. In response, CISA urges organizations to actively assess their environments against the published tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to determine whether they are currently affected or have been compromised in the past. [1]

U.S. authorities assess the activity to be conducted by Iranian‑affiliated advanced persistent threat (APT) actors. Impacted sectors include government services and facilities, water and wastewater management, and energy. Similar PLC‑focused activity has previously been attributed to CyberAv3ngers, also known as the Shahid Kaveh Group, which has established links to Iran’s Islamic Revolutionary Guard Corps (IRGC) Cyber Electronic Command (CEC). [1]

The context is relevant. The activity coincides with a period of heightened geopolitical tension, occurring just days ahead of a Pakistani‑brokered ceasefire involving the U.S., Israel, and Iran, with further negotiations scheduled in Islamabad on April 11. At the same time, tensions in the Strait of Hormuz remain elevated, with limited maritime traffic despite public statements that the route is open, and reports of transit restrictions and significant tolls imposed by Iran. [2]

Assessment

This activity fits a long‑standing Iranian cyber approach, where OT and critical infrastructure environments are used as leverage during periods of geopolitical pressure. Based on historic targeting patterns and current intelligence, the United States and Israel remain the primary focus of Iranian threat actors.

That said, European organizations should not view this activity as geographically contained. OT environments often rely on shared vendors, similar architectures, and comparable exposure models. As a result, European organizations operating the same PLC platforms face overlapping technical risk, even when they are not the primary strategic target.

Organizations in Europe using Rockwell Automation / Allen‑Bradley PLCs or other internet‑accessible OT components should follow the actions recommended by CISA. [1] This includes reviewing external exposure, validating segmentation and access controls, and ensuring adequate monitoring and logging for OT‑specific activity. With U.S. and Iranian negotiations expected to continue over the weekend, maintaining situational awareness is prudent.

For critical infrastructure operators, understand your OT attack surface, confirm visibility across industrial environments, and be ready to act on relevant indicators tied to the published TTPs. A measured, intelligence‑led response remains the most effective course of action.

References

[1] https://www.cisa.gov/news-events/cybersecurity-advisories/aa26-097a
[2] https://www.bbc.com/news/articles/cp3l4yk5rlgo