US warns of escalating Iranian cyberattacks on infrastructure

U.S. authorities have warned that Iranian-backed hacking campaigns targeting critical infrastructure have intensified following the escalation of regional hostilities.

According to a joint advisory issued by agencies including the FBI, National Security Agency and Cybersecurity and Infrastructure Security Agency, attackers are focusing on industrial control systems widely used across essential sectors.

Targets and Methods

The hackers are primarily exploiting:

  • Programmable Logic Controllers (PLCs)
  • SCADA systems (Supervisory Control and Data Acquisition)

These systems are critical for operating infrastructure such as:

  • Energy grids
  • Water and wastewater facilities
  • Government service systems

Attack techniques include:

  • Manipulating system display data
  • Extracting sensitive operational configurations
  • Interfering with real-time control processes

In several cases, the activity has already resulted in operational disruption and financial losses.

Strategic Intent

U.S. officials assess that the campaigns aim to create “disruptive effects” within the United States, signaling a shift from espionage toward potential sabotage.

The warning aligns with broader geopolitical tensions involving Iran and the United States, with threats extending to infrastructure targets both domestically and across the Gulf region.

Agencies Involved

The advisory was jointly issued by multiple agencies, including:

  • Federal Bureau of Investigation
  • National Security Agency
  • Cybersecurity and Infrastructure Security Agency
  • Environmental Protection Agency
  • Department of Energy
  • U.S. Cyber Command’s Cyber National Mission Force

Risk Implications

The targeting of industrial control systems is particularly concerning because:

  • Many are internet-exposed with weak security configurations
  • They often run legacy software with limited patching
  • Disruption can have physical-world consequences, not just digital impact

Outlook

The escalation indicates a broader trend:

  • Cyber operations are increasingly integrated into geopolitical conflict
  • Critical infrastructure is becoming a primary attack surface
  • Defensive readiness for industrial systems is now a national security priority

Organizations operating ICS/SCADA environments are likely to face heightened pressure to:

  • Harden network exposure
  • Implement real-time monitoring
  • Segment operational technology (OT) from IT systems

Iran-Linked Hackers Restore Website After US Domain Seizure

A website linked to an Iranian government-associated hacking group has resurfaced just one day after U.S. authorities seized several of its domains, highlighting ongoing challenges in disrupting cyber threat actors.

The U.S. Department of Justice said it had seized four domains connected to the “Handala Hack Team,” which it linked to Iran’s Ministry of Intelligence and Security. The group had previously claimed responsibility for a cyberattack on a U.S. medical device company earlier in March.

Despite the takedown, the group quickly restored its online presence, stating that the action was an attempt by U.S. authorities to silence it. Analysts say such rapid recovery is common, as state-linked cyber units frequently re-establish operations using new domains or platforms.

The incident underscores the resilience of cyber threat actors and the limitations of domain seizures as a long-term deterrent. Experts note that these groups often maintain multiple backup channels, allowing them to resume activities with minimal disruption.

The case also highlights growing tensions in cyber operations, where government-linked hacking groups continue to play a role in both digital espionage and psychological operations.

Iranians Use Musk’s Starlink to Bypass Internet Blackout Amid Protest Crackdown

Some Iranians are continuing to access the internet through Starlink, the satellite-based network operated by Elon Musk, despite a near-total nationwide communications blackout imposed by authorities, according to people inside the country.

Iranian officials have in recent days launched a deadly crackdown on nationwide protests, accompanied by widespread internet shutdowns affecting fiber-optic and mobile networks. However, Starlink—which delivers connectivity directly from thousands of low-Earth orbit satellites—remains operational in some parts of Iran, despite being officially banned.

Three Starlink users inside Iran told Reuters that the service was still functioning in certain locations. One user in western Iran said dozens of people in his area were using Starlink and that access in border towns and cities appeared largely unaffected.

Alp Toker, founder of internet monitoring group NetBlocks, said he had also received reports of continued Starlink access, though at reduced levels. “It is patchy, but still there,” he said. According to NetBlocks data, the broader internet blackout that began on January 8 continued on Monday, with non-satellite connectivity operating at roughly 1% of normal levels.

It remains unclear how Iranian authorities are attempting to disrupt Starlink’s service. Some specialists said any interference could involve jamming Starlink terminals by overpowering their ability to receive satellite signals. SpaceX, which owns Starlink, did not respond to requests for comment. Iranian authorities were also unreachable due to phone and internet outages.

Critical Tool Amid Global Conflicts

Starlink’s role in Iran highlights the growing influence of Musk’s satellite internet network in global conflicts and political unrest. The service has been a critical communications tool for Ukraine since Russia’s full-scale invasion in 2022, and has also been used in countries such as Myanmar and Sudan, where authorities have repeatedly imposed internet shutdowns.

U.S. President Donald Trump said on Sunday he plans to speak with Musk about restoring internet access in Iran, without explicitly referencing Starlink.

Musk previously shipped free Starlink terminals to Ukraine and offered complimentary service there. By contrast, standard Starlink terminals typically cost about $599, plus a monthly subscription fee, putting them out of reach for many Iranians.

Starlink is not licensed to operate in Iran, but Musk has previously said the service is active there. In December 2022, he wrote on his social media platform X that the company was “approaching 100 Starlinks active in Iran,” a small number relative to the country’s population of roughly 92 million. In June last year, responding to calls for Starlink access to Iran, Musk posted simply: “beams are on.”

Following a 12-day conflict between Iran and Israel in June, Iran’s parliament passed legislation formally banning Starlink and imposing severe penalties for using or distributing the unlicensed technology, according to state media. Despite those restrictions, the continued use of Starlink underscores how satellite internet has become a powerful, if uneven, tool for bypassing state-imposed information controls.