The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

Iran-Linked PLC Exploitation Expands Across US Critical Infrastructure

Apr 17, 2026 2:14:36 PM / by The Hivemind posted in Threat Bulletin, Iran cyber attacks, PLC exploitation, Iranian hackers critical infrastructure, Rockwell PLC vulnerability, Allen Bradley cyber attack, SCADA manipulation, water infrastructure cyber attack, OT cybersecurity threat


Verticals Targeted: Critical Infrastructure, ONG, Electricity, Water, Government
Regions Targeted: US
Related Threat Actors: CyberAv3ngers, Static Kitten, Refined Kitten, Helix Kitten, Banished Kitten

Executive Summary

A joint US government advisory confirmed that Iran-affiliated cyber actors are actively exploiting internet-facing industrial control systems, particularly Rockwell Automation/Allen-Bradley PLCs, across US critical infrastructure. The activity has resulted in operational disruption, manipulation of HMI/SCADA data, and financial loss in sectors including water, energy, and government facilities. The campaign reflects a continuation of Iran’s established OT targeting playbook, prioritizing exposed industrial assets over sophisticated intrusion chains. Recent activity indicates a shift from defacement and signaling toward direct process interference, increasing the risk of real-world operational impact during periods of geopolitical tension.


Healthcare in the Crosshairs: Iran-Linked Cyber Threats Raise Risk for Hospitals, MedTech, and Care Delivery Supply Chains

Apr 10, 2026 3:27:14 PM / by The Hivemind posted in Threat Bulletin, Stryker cyberattack, Handala Hack, Banished Kitten, medical device security, healthcare supply chain security, cyber threat intelligence, Iran cyber attacks, healthcare cybersecurity, hospital cyber risk, Void Manticore, Iranian threat actors


Verticals Targeted: Healthcare
Regions Targeted: US

Executive Summary

Iran-linked cyber threats have elevated risk across the US healthcare sector, driven by the disruptive March 11 attack on Stryker, increased geopolitical tensions, and explicit warning signals from government and industry. A CISA acting director threat brief identifies healthcare as an actively targeted and highly exposed civilian sector, while vendor reporting links recent disruptive activity to MOIS-affiliated actors operating under personas such as Handala. Although widespread direct intrusions into hospitals have not been publicly confirmed, the convergence of supplier disruption, proxy activity, and sector vulnerabilities creates a credible near-term threat environment for healthcare entities and their supporting ecosystem.
