Threat groups are increasingly targeting critical infrastructure for malicious attacks by using direct access to cyber-physical systems, according to a report released Wednesday by Claroty, a firm that specializes in industrial security.
These attackers, which often are state-sponsored or hacktivist groups, are abusing Virtual Network Computing (VNC) in a majority of cases to gain remote access to exposed internet-facing assets.
In two-thirds of the tracked incidents, attackers are compromising human-machine interfaces or supervisory control and data acquisition systems, which are used to control various industrial processes in factories and other operational technology environments.
“When examining these attacks, we see a common methodology of ‘no vulnerabilities needed,’ in which attackers abuse misconfigured devices, insecure-by-design protocols and outdated insecure devices,” said Noam Moshe, head of Claroty’s Team82. “In their target picking, these opportunistic attackers look for internet-exposed devices, abusing default credentials/insecure protocols that do not have authentication, etc.”
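The pattern described above (internet-exposed VNC on HMI or SCADA hosts, often with no authentication) is one a defender can check for in their own telemetry. The following is an added example, not code from Claroty or the report; it runs over constructed firewall log lines against a hypothetical OT asset inventory, flags allowed inbound VNC sessions from non-private sources, and decodes the server's RFB 3.8 security-types message to show whether the "None" (unauthenticated) security type is offered. Documentation addresses (RFC 5737) stand in for real internet sources.

```python
"""Flag internet-sourced VNC sessions to OT assets and classify RFB auth offerings.

Added example; the asset inventory and log lines are constructed.
"""
import ipaddress
from dataclasses import dataclass

# Hypothetical OT asset inventory: IP -> role (constructed for this example).
OT_ASSETS = {
    "10.20.1.15": "HMI",
    "10.20.1.22": "SCADA server",
    "10.20.1.40": "engineering workstation",
}

# RFB default display ports :0 through :6.
VNC_PORTS = range(5900, 5907)

# Ranges treated as internal; anything else is considered an internet source.
INTERNAL_NETS = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
              "127.0.0.0/8", "169.254.0.0/16")
]

# Constructed firewall log lines: src_ip,src_port,dst_ip,dst_port,proto,action
SAMPLE_LOG = """\
203.0.113.45,51234,10.20.1.15,5900,tcp,allow
10.20.5.8,50111,10.20.1.15,5900,tcp,allow
198.51.100.7,43322,10.20.1.22,5901,tcp,allow
203.0.113.45,51240,10.20.1.40,22,tcp,allow
192.0.2.9,60002,10.20.1.22,5900,tcp,deny
"""


@dataclass
class Finding:
    src_ip: str
    dst_ip: str
    dst_port: int
    role: str


def is_internet_source(ip: str) -> bool:
    """True when the address is outside the internal ranges listed above."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def find_exposed_vnc_sessions(log_text: str) -> list:
    """Return allowed TCP sessions from internet sources to VNC ports on OT assets."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        src, _sport, dst, dport, proto, action = line.strip().split(",")
        dport = int(dport)
        if action != "allow" or proto != "tcp":
            continue
        if dport not in VNC_PORTS or dst not in OT_ASSETS:
            continue
        if not is_internet_source(src):
            continue
        findings.append(Finding(src, dst, dport, OT_ASSETS[dst]))
    return findings


# RFB security types (RFB 3.8 and registered extensions).
RFB_SECURITY_TYPES = {
    0: "Invalid", 1: "None", 2: "VNC Authentication",
    16: "Tight", 18: "TLS", 19: "VeNCrypt",
}


def classify_rfb_security_types(msg: bytes):
    """Decode the server's security-types message: one count byte, then that many type bytes.

    Returns (type_names, unauthenticated_offered). A count of zero means the
    server refused the connection and a reason string follows.
    """
    if not msg:
        raise ValueError("empty security-types message")
    count = msg[0]
    if count == 0:
        return (["connection refused"], False)
    types = list(msg[1:1 + count])
    if len(types) != count:
        raise ValueError("truncated security-types message")
    names = [RFB_SECURITY_TYPES.get(t, f"unknown({t})") for t in types]
    return names, 1 in types


if __name__ == "__main__":
    for f in find_exposed_vnc_sessions(SAMPLE_LOG):
        print(f"internet-exposed VNC: {f.src_ip} -> {f.dst_ip}:{f.dst_port} ({f.role})")
    # Constructed server message offering both None and VNC Authentication.
    print(classify_rfb_security_types(bytes([2, 1, 2])))
```

Run against real firewall exports, the first check surfaces the "no vulnerabilities needed" exposure Moshe describes; the second is intended for auditing one's own VNC servers, where an offered "None" type means any connecting client gets a session without credentials.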
The report opens a critical window into the attack risks facing critical infrastructure providers. The Iran war has raised the threat of direct attacks against key industries in the U.S., Israel and other allies in order to sow discord and disrupt essential services.
“Since it is now well established that critical infrastructure cannot be dissociated from national security and economic prosperity, they have become prime targets,” Katell Thielemann, distinguished VP analyst at Gartner, told Cybersecurity Dive.
Just last week, a state-linked threat actor launched a major attack against Stryker, a Michigan-based company that is a major provider of surgical and orthopedic devices to hospitals worldwide. A threat group tracked as Handala claimed credit for the attack, which involved the abuse of Microsoft Intune to wipe data from thousands of employee devices. The attack disrupted manufacturing, ordering and shipping at the company. Stryker said it is beginning to restore key services.
The Cybersecurity and Infrastructure Security Agency warned in December that pro-Russia groups were targeting critical infrastructure using VNC connections. Targeted sectors have included drinking and wastewater, food and agriculture, and energy systems.
The Food and Agriculture-ISAC was one of several information sharing groups earlier this month to warn of state-sponsored and hacktivist threat activity linked to the Iran war.
The Claroty report is based on analysis of more than 200 attacks, which took place over a 12-month period.