In Iran-US-Israel War, Western World Must Secure Industrial Cybersecurity 

As US strikes on Iran escalated, industrial cybersecurity leaders, officials, and analysts warned that Tehran-linked actors are intensifying digital attacks on critical infrastructure.

Earlier this week, as US strikes on Iran escalated and ignited the Middle East, industrial cybersecurity leaders, federal officials and private threat analysts warned that Tehran-linked actors are intensifying cyber operations against critical infrastructure, using disruptive attacks as a low-cost, high-impact weapon of war.

The warnings come amid heightened geopolitical tensions and growing evidence that cyberattacks, not missiles, are becoming the first and most persistent strike in modern conflict, targeting power grids, water utilities, oil facilities, and financial systems long before conventional forces mobilize. Industrial cybersecurity measures are now central to defending these assets.

First Cyber Strike 

Following US military action and the reported killing of Iran’s Supreme Leader, Ayatollah Ali Khamenei, experts said they are monitoring critical infrastructure for activity ranging from distributed denial-of-service (DDoS) attacks to deeper intrusions into industrial systems.

“Iran-linked cyber activity has historically been more opportunistic than highly sophisticated, but that doesn’t make it less dangerous – especially for critical infrastructure,” said Gary Barlet, public sector chief technology officer at Illumio, highlighting the risk to industrial infrastructure.

Barlet added that cyber operations are “an attractive, low-cost way to create psychological and operational effects,” noting that Iran’s ecosystem of hacktivist and proxy groups can independently launch “DDoS attacks, defacements, or disruptive intrusions,” a point that underscores the importance of cybersecurity for manufacturing and operational technology.

Head of counter adversary operations at CrowdStrike, Adam Meyers, said that as of Monday morning the company “has not observed large-scale state-sponsored cyber campaigns,” but has “observed a surge in claimed activity from Iran-aligned and sympathetic hacktivist groups.” 

However, Meyers cautioned that “much of the activity being publicized appears to be claim-driven rather than evidence-backed,” adding that it is “common during periods of geopolitical escalation to see an increase in opportunistic hacktivism and low-level disruptive activity designed to generate attention,” a trend that extends to logistics cybersecurity concerns.

Chief analyst at Google Threat Intelligence Group, John Hultquist, warned that “Iranian cyberespionage has resumed after a brief lull during the initial military strikes.” 

“We expect Iran to target the U.S., Israel, and Gulf Cooperation Council countries with disruptive cyberattacks, focusing on targets of opportunity and critical infrastructure,” Hultquist said.  

Turning to industrial control systems cybersecurity, he added that Iranian actors “frequently fabricate and exaggerate their effects in an effort to boost their psychological impact.” He advised that claims be taken “with a grain of salt.”

Researchers at Flashpoint reported a campaign dubbed “#OPIsrael,” in which pro-Russian and pro-Iranian actors target critical infrastructure and pursue data exfiltration, underscoring how logistics cyber attacks increasingly mirror battlefield coalitions.

APTs and the Infrastructure Battlefield 

Behind many of these operations are advanced persistent threat (APT) groups, often state-funded actors capable of penetrating complex infrastructure. Such groups have previously targeted power grids, financial systems, and the energy sector, sometimes as a prelude to kinetic warfare.

Iranian-backed APTs have already targeted oil and gas, manufacturing, power, and water systems across the US, Israel, and the Middle East. Islamic Revolutionary Guard Corps (IRGC) affiliated actors have focused on internet-exposed programmable logic controllers in US water and wastewater facilities, in some cases forcing utilities into manual operations. 

Actors such as CyberAv3ngers and Charming Kitten reportedly exploit default credentials and unpatched vulnerabilities in industrial hardware, seeking what analysts describe as “low-hanging fruit.”  

An Iranian-linked ransomware group, Handala, has claimed an attack on Israel Opportunity Energy, though independent confirmation remains pending.

Yet, despite the threat, preparedness remains vague.

According to the latest Dragos annual threat report for operational technology cybersecurity, only about 10 percent of industrial and critical infrastructure facilities maintain continuous IT security areas needed to guard against cyber threats. 

Barlet stressed that “the risk isn’t necessarily cutting-edge tradecraft; it’s the impact of exploiting weak fundamentals,” urging organizations to validate patches, eliminate default passwords, harden multifactor authentication, and enhance priority measures for logistics and energy industry cybersecurity.

As the Pentagon signals its involvement in Iran is only beginning, and with parts of the Cybersecurity and Infrastructure Security Agency workforce furloughed during a Department of Homeland Security shutdown, lawmakers warn that reduced staffing is “putting our nation’s critical infrastructure at risk,” particularly industrial cybersecurity and the precision monitoring of critical infrastructure.

In modern warfare, the most decisive weapon may no longer be launched from the sky but from a keyboard, emphasizing the importance of industrial cybersecurity in defending nations. 

