In brief

The article reports that a Congressional Research Service review identifies Iranian state-sponsored cyber activity as a persistent threat to U.S. networks and critical infrastructure. It highlights campaigns in which Iran-linked actors exploited known Microsoft Exchange and Fortinet vulnerabilities to access critical infrastructure organizations, followed by data theft, ransomware deployment, encryption, and extortion. The report also references IRGC-affiliated CyberAveng3rs activity against industrial control systems, including programmable logic controllers used in water and wastewater environments.

More broadly, the CRS assessment places Iran alongside China, Russia, and North Korea as leading state-linked cyber adversaries targeting the United States. It says nation-state campaigns increasingly blend espionage, disruption, financial crime, and influence operations, while relying on recurring weaknesses such as internet-facing systems, stolen credentials, weak authentication, software vulnerabilities, and trusted supply chain relationships. The article also notes that attribution remains difficult because state-backed actors often hide their infrastructure and may work through criminal or proxy groups.

Source: Industrial Cyber

‍