CyberSecurity Knuggets

Apr 09, 2026

Subject: Iran-Linked Hackers Disrupt US Critical Infrastructure via PLC Attacks

Sender: news@securityweek.com

Dear Subscriber,

Federal agencies have issued an urgent warning that Iran-linked cyber actors are targeting internet-exposed programmable logic controllers (PLCs) in critical infrastructure across the U.S., particularly those made by Rockwell Automation/Allen-Bradley. These attacks manipulate PLC and SCADA systems, resulting in operational disruptions and raising concerns about potential sabotage. The compromised systems span multiple sectors, including energy, water, and government facilities. This activity has caused measurable operational disruption and financial losses, highlighting the increasing targeting of operational technology (OT) in cyber campaigns.

Stay informed and access Indicators of Compromise (IOCs) with SecurityWeek.


Subject: Cybercrime Losses Surpass $20 Billion in Last Year – FBI Report

Sender: risky-biz@ghost.io

Dear Reader,

According to the FBI’s Internet Crime Report, Americans lost nearly $21 billion to cybercrime in 2025, the highest recorded since tracking began 25 years ago. Investment scams were the leading cause, accounting for $8.6 billion in losses, with cryptocurrency theft making up a substantial portion. Cyber-enabled fraud constituted 85% of reported losses, with the FBI receiving over one million reports last year, now averaging more than 3,000 complaints daily.

Authorities have also taken down an APT28 router botnet that intercepted email credentials. In addition, Iranian hackers continue to exploit operational technology PLCs across the US, and emerging exploitation campaigns threaten AI platforms like ComfyUI and FlowiseAI. Stay vigilant and review the full FBI report and related cybersecurity developments.


Subject: Iran-Linked Hackers Target Critical Infrastructure Controls, Risking Disruption and Sabotage

Sender: info@metacurity.com

Dear Security Professional,

A joint advisory from FBI, NSA, DOE, CISA, and other US agencies reveals that Iranian government-affiliated hackers are targeting industrial control devices, especially programmable logic controllers (PLCs) deployed in critical infrastructure sectors such as energy, water, and government. These hackers manipulate the device displays and system codes to cause operational disruptions, financial losses, and potentially hazardous conditions.

This campaign mirrors previous disruptive attacks by the Iran-linked CyberAv3ngers (Shahid Kaveh Group). Separately, Russian GRU-linked APT28 compromised thousands of MikroTik and TP-Link routers globally to hijack DNS traffic and steal email credentials. Other incidents include pro-Iranian group DDoS attacks on Chime and Pinterest, ICE using advanced spyware, and the proliferation of hacking services on Telegram targeting women.

Please review in-depth analysis and mitigation strategies in the linked advisory.


Subject: Iranian APTs Target PLCs and SCADA Systems in US Critical Infrastructure

Sender: editor@newsletter.n2k.com

Dear Reader,

US intelligence and law enforcement have identified multiple Iran-linked advanced persistent threats actively exploiting programmable logic controllers (PLCs) and SCADA systems controlling US critical infrastructure, including municipal services, energy utilities, and water management. This activity has disrupted operations by altering project files and manipulating supervisory control interfaces.

Targeted devices predominantly include Rockwell Automation/Allen-Bradley PLCs such as CompactLogix and Micro850, with probes into Siemens S7 PLCs as well. Attackers use leased infrastructure and vendor configuration tools to gain accepted connections to victim devices. Disruptions have resulted in financial losses and degraded service reliability.

Stay informed with this joint advisory from FBI, CISA, NSA, EPA, DOE, and US Cyber Command.


Subject: US Disrupts Russian Operation Involving Hacked Routers and DNS Hijackings

Sender: news@securityweek.com

Dear Subscriber,

The US Justice Department and FBI have successfully disrupted a global espionage campaign run by Russia’s GRU (APT28/Fancy Bear) that compromised thousands of small office/home office routers, including TP-Link and MikroTik devices. The hackers exploited vulnerabilities to alter router DNS settings, redirecting traffic to malicious servers to steal credentials, including from government and critical infrastructure sectors worldwide.

The operation employed automated filtering to selectively intercept sensitive DNS requests and was indiscriminate in initial router compromise. The FBI’s “Operation Masquerade” severed GRU access, reset devices, and collected evidence of their global activity.

Complementary news includes patches for vulnerabilities in OpenSSL and Apache ActiveMQ, escalating cybercrime losses nearing $21 billion, and ongoing threats impacting US hospitals and IoT devices.

Please consult the full SecurityWeek report for detailed insights and remediation.

Stay Well!
