Cybersecurity researchers have observed a significant increase in cyber threats targeting critical infrastructure in the US following the strikes on Iran on February 28. More than 60 Iranian-aligned hacktivist groups swiftly launched coordinated online activities after the attacks, forming an “Electronic Operations Room” on Telegram to organize cyber operations and exchange targets. The mobilization seemed to be motivated more by ideology than direct state control, making it challenging to anticipate or control the attacks.
The report underscores concerns about the susceptibility of US critical infrastructure systems linked to the internet. It reveals that over 40,000 industrial control systems (ICS) in the US are currently reachable through the public internet, many of them with weak, default, or no login credentials. These systems are crucial for operating power grids, water networks, and manufacturing facilities, and their online exposure presents a substantial potential attack surface for cyber actors.
Researchers at CloudSEK pointed out that the advent of artificial intelligence (AI) tools has significantly reduced the barriers to launching such attacks. In a demonstration, an individual with no prior knowledge of industrial control systems could identify a list of accessible US industrial targets in under five minutes using AI tools and passive reconnaissance techniques. This process did not involve direct system scanning, exploitation tools, or specialized technical knowledge, showcasing how AI is amplifying the capabilities of cyber threat actors.
CloudSEK also cautioned about the dual-use aspect of AI technologies, noting that the same AI platforms utilized by defense and security entities are readily accessible online, enabling attackers to leverage them for offensive reconnaissance and target identification. In a separate report analyzing the broader threat landscape, CloudSEK highlighted that while the February 28 strikes did not initiate the cyber threat against US infrastructure, they significantly accelerated an existing threat that has been evolving for more than a decade.
