News brief: Iranian cyberattacks target U.S. water, energy
Check out the latest security news from TechTarget SearchSecurity's sister sites, Cybersecurity Dive and Dark Reading.
Geopolitical instability is a leading indicator of adversarial nation-state cybercampaigns, according to a recent report from Check Point. The analysis found that when the Caldara-Iacoviello Geopolitical Risk Index rises by more than 1 standard deviation above its historical mean, cyberincidents targeting U.S. critical infrastructure spike 35-45% the following quarter.
Current headlines provide anecdotal support for Check Point's analysis, with federal officials warning that state-sponsored malicious hackers are increasingly targeting U.S. critical infrastructure. In addition to obvious national security concerns, the trend also poses a significant business risk, given the reliance of commercial systems on critical infrastructure, from financial institutions to telecommunications systems.
This week's featured cybersecurity news stories highlight escalating attacks on U.S. organizations by Iranian and Russian threat actors, as well as proposed federal budget cuts that could leave enterprise defenders with reduced support amid heightened adversarial activity. Plus, experts warn that military ceasefires don't always translate to cyberspace.
Iranian threat actors target U.S. water, energy and municipalities
Federal agencies warned that Iranian threat actors are actively exploiting internet-facing operational technology (OT) devices across multiple U.S. critical infrastructure sectors.
Iran-linked malicious hackers are targeting programmable logic controllers -- including devices made by Rockwell Automation/Allen-Bradley -- in water, wastewater, energy and government environments. The campaign has caused operational disruptions and financial losses, according to officials.
Security experts have long warned that the continued exposure of OT devices to the public internet is a design failure that opens organizations to attack. U.S. agencies urged organizations to remove direct internet exposure, harden access and review logs for suspicious activity.
Russia hacked unmanaged edge devices, targeting U.S. critical infrastructure
The Justice Department and FBI said they disrupted a Russian military intelligence campaign that hijacked compromised TP-Link SOHO routers and used them to redirect DNS traffic, giving Moscow a way to collect internet traffic and potentially steal credentials, emails and other sensitive data from government and critical infrastructure targets.
According to the report, the operation -- dubbed Operation Masquerade -- modified DNS settings and gathered forensic data from infected devices.
End-of-life and poorly managed edge devices remain a serious enterprise risk, especially in distributed environments where remote offices, field sites and third parties rely on consumer-grade networking gear. Microsoft and federal officials urged organizations to patch firmware, review DNS settings, restrict remote management and replace obsolete equipment.
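The review steps above (check DNS settings, restrict remote management, retire end-of-life gear) can be turned into a repeatable fleet audit once router configurations are exported. The following is an added example, not code from the article, Microsoft, TP-Link or any agency; the `RouterConfig` fields, the resolver allowlist and the sample fleet are constructed assumptions standing in for whatever an organization's own config export and standards look like.

```python
"""Audit exported SOHO/edge router configurations for the exposures the brief
describes: tampered DNS resolvers, WAN-reachable management and unsupported or
unpatched firmware. Added example; every record and IP below is constructed."""
from dataclasses import dataclass
import ipaddress

# Constructed: resolvers the organization operates or sanctions. A resolver
# outside this set on a branch router is the signal to investigate first.
APPROVED_RESOLVERS = {"10.0.0.53", "10.0.1.53", "1.1.1.1", "9.9.9.9"}


@dataclass
class RouterConfig:
    """Hypothetical normalized view of one device's exported configuration."""
    site: str
    model: str
    firmware_supported: bool   # False once the vendor no longer ships fixes
    dns_servers: list[str]     # resolvers the device hands to LAN clients
    wan_remote_mgmt: bool      # admin UI / SSH reachable from the WAN side
    patched: bool              # running the latest available firmware


def _is_global(ip: str) -> bool:
    """True for globally routable addresses; unparsable strings count as not global."""
    try:
        return ipaddress.ip_address(ip).is_global
    except ValueError:
        return False


def audit_router(cfg: RouterConfig) -> list[str]:
    """Return human-readable findings for one device (empty list means clean)."""
    findings = []
    for resolver in cfg.dns_servers:
        if resolver not in APPROVED_RESOLVERS:
            scope = "unknown global" if _is_global(resolver) else "unknown non-global"
            findings.append(f"{cfg.site}: DNS resolver {resolver} ({scope}) not in allowlist")
    if cfg.wan_remote_mgmt:
        findings.append(f"{cfg.site}: remote management exposed on WAN")
    if not cfg.firmware_supported:
        # Patch status is moot for end-of-life hardware; replacement is the fix.
        findings.append(f"{cfg.site}: {cfg.model} is end-of-life; replace")
    elif not cfg.patched:
        findings.append(f"{cfg.site}: firmware out of date; patch")
    return findings


def audit_fleet(configs: list[RouterConfig]) -> dict[str, list[str]]:
    """Map each site to its findings so clean and problem sites are both visible."""
    return {cfg.site: audit_router(cfg) for cfg in configs}


# Constructed sample fleet. 192.0.2.53 is a documentation-range address used
# here only to represent a resolver nobody in the organization configured.
SAMPLE_FLEET = [
    RouterConfig("hq", "ModelA", True, ["10.0.0.53", "10.0.1.53"], False, True),
    RouterConfig("field-site-7", "ModelB", False, ["192.0.2.53", "10.0.0.53"], True, False),
    RouterConfig("remote-office-2", "ModelA", True, ["10.0.0.53"], False, False),
]

if __name__ == "__main__":
    for site, findings in audit_fleet(SAMPLE_FLEET).items():
        print(site, "-> OK" if not findings else "")
        for line in findings:
            print("  ", line)
```

Feed it the real export instead of `SAMPLE_FLEET` and run it on a schedule: a resolver appearing that the organization never configured is worth treating as a possible tampering event and correlating with DNS query logs, not just fixing in place.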
CISA cuts could weaken cyber defenses as nation-state threats to critical infrastructure intensify
The Trump administration's proposed FY2027 budget would shrink CISA's front-line cyber support at a time when nation-state threats to critical infrastructure are intensifying. As outlined in the proposal, the agency would lose $386 million and 867 positions, with cuts falling on vulnerability assessments, regional field support, training and several shared services that help organizations identify and respond to cyber-risk.
For Fortune 500 CISOs, the significance goes beyond Washington budget politics: If federal cyber capacity is reduced while foreign adversaries continue probing water, energy and other essential sectors, defenders might have to operate with less external visibility, coordination and hands-on assistance precisely when resilience matters most.
Ceasefires rarely mean cyber calm for enterprise defenders
As a tenuous U.S.-Iran military ceasefire dominates global headlines, experts warn that pauses in kinetic conflicts rarely translate to a halt in cyber operations.
On the contrary, historical data shows that cyberattacks frequently escalate during ceasefires, with both state-sponsored and aligned threat actors exploiting the downtime to target critical infrastructure and conduct espionage. Exceptions exist, however, such as the 2015 Iran nuclear deal negotiations, which saw a temporary cessation of Iranian cyber activity.
For enterprise defenders, this trend underscores the need to remain vigilant during geopolitical lulls, as adversaries could shift focus to cyber domains. Organizations must prioritize monitoring, threat intelligence and resilience planning to mitigate risks from opportunistic attacks during such periods.
Read the full story by Nate Nelson on Dark Reading.
Editor's note: An editor used AI tools to aid in the generation of this news brief. Our expert editors always review and edit content before publishing.
Alissa Irei is senior site editor of Informa TechTarget Security.