Submission: Iranian hackers are exploiting lazy American security and nobody seems to care (nerds.xyz)
The targets? Critical infrastructure and defense-related companies, especially those with links to Israeli research or technology. According to the agencies, these threat actors are already scanning for exposed systems running outdated software, using default passwords, or connected directly to the internet without proper security.
And if that sounds like old news, that’s part of the problem.
This isn’t theoretical. During the Israel-Hamas conflict last year, Iranian actors breached dozens of U.S. industrial systems, including water utilities and manufacturers. Many were compromised through unsecured programmable logic controllers (PLCs) and human-machine interfaces (HMIs) left wide open online.
The same tactics are still in play. From website defacements to DDoS attacks and hack-and-leak operations, Iranian-aligned groups are combining technical intrusions with social and political messaging. Some work directly with ransomware gangs, stealing data and threatening public leaks if demands aren’t met.
The advisory makes it clear that the U.S. remains an active target. Sadly, that is not because of sophisticated zero-days but because many organizations continue to ignore basic cyber hygiene. Sigh.
The suggested mitigations are mostly common sense. Disconnect OT systems from the public internet. Kill default passwords. Apply patches. Use MFA. Monitor logs. And perhaps most importantly, rehearse incident response plans like your business depends on it. After all, it might.
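As an added, defender-side illustration of that checklist (this is example code, not anything from the advisory or from nerds.xyz), the Python script below audits a constructed OT asset inventory against four of the points: internet exposure, default credentials, patch age and MFA. The inventory fields, the internal address ranges treated as the OT enclave, the 180-day patch window and the fixed audit date are all assumptions of the example.

```python
"""Hygiene audit over a constructed OT asset inventory (added example)."""
import ipaddress
from datetime import date

# Constructed sample inventory; the field names are this example's own choice.
INVENTORY = [
    {"name": "pump-plc-01", "ip": "203.0.113.10", "role": "PLC",
     "default_creds": True, "last_patch": "2022-03-01", "mfa": False},
    {"name": "hmi-chlorine", "ip": "198.51.100.7", "role": "HMI",
     "default_creds": False, "last_patch": "2025-05-15", "mfa": False},
    {"name": "hist-server", "ip": "10.20.0.5", "role": "Historian",
     "default_creds": False, "last_patch": "2025-06-01", "mfa": True},
]

# Assumed: the OT enclave lives entirely in RFC 1918 space behind a firewall/VPN,
# so any asset addressed outside these ranges is reachable from the internet.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
MAX_PATCH_AGE_DAYS = 180          # assumed organisational patch window
AUDIT_DATE = date(2025, 7, 1)     # fixed "today" so the run is reproducible


def audit_asset(asset, today=AUDIT_DATE):
    """Return the hygiene findings for one asset (empty list means clean)."""
    findings = []
    ip = ipaddress.ip_address(asset["ip"])
    if not any(ip in net for net in INTERNAL_NETS):
        findings.append("internet-exposed")
    if asset["default_creds"]:
        findings.append("default-credentials")
    age_days = (today - date.fromisoformat(asset["last_patch"])).days
    if age_days > MAX_PATCH_AGE_DAYS:
        findings.append(f"unpatched-{age_days}d")
    if not asset["mfa"]:
        findings.append("no-mfa")
    return findings


def audit_inventory(inventory=INVENTORY, today=AUDIT_DATE):
    """Map asset name -> findings, assets with the most findings first."""
    report = {a["name"]: audit_asset(a, today) for a in inventory}
    return dict(sorted(report.items(), key=lambda kv: -len(kv[1])))


if __name__ == "__main__":
    for name, findings in audit_inventory().items():
        print(f"{name:14} {'OK' if not findings else ', '.join(findings)}")
```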
Too often, organizations with the least resources are left running the most critical infrastructure. That reality hasn’t changed, and neither has the threat.