The post Now that the US Has Bombed Iran, Should We Expect Attacks Against US Critical Industrial Infrastructure (SCADA/ICS)? first appeared on Hackers Arise.
Welcome back, my cyberwarriors!
As the US and Iran lurch toward a military confrontation, we must ask whether the US and other western nations’ industrial facilities are at risk. Unquestionably, Iran does NOT have the military capabilities to counter the US in a kinetic war, but could they terrorize the US industrial facilities instead?

In this era of cyberwar, nations without significant kinetic (guns, planes, boats, bullets) capabilities can counter this lack with cyberwar capabilities. This is often referred to as asymmetric warfare. One nation spends trillions of dollars on aircraft carriers, stealth bombers, rockets, and an army of millions, while a nation with a handful of skilled hackers in a bunker, with computers and internet access, can counter the military behemoth at less than 1% of the cost. A good part of Ukraine’s success at holding off the much larger and better equipped Russian military over the last 3 years can be attributed to this asymmetric warfare from Ukraine’s cyberwarriors. Can Iran’s cyberwarriors do the same?
Iran has a highly skilled entourage of hackers that have targeted US industrial facilities for decades. SCADA/ICS are the favored target in cyberwar. By compromising SCADA/ICS facilities, the attacker can:
- Weaken the local economy
- Limit the availability of clean drinking water
- Limit communication (mobile and Internet)
- Restrict availability of electricity
- Blow up a facility, thereby using it as a weapon
- Limit the ability to manufacture war products
This list could go on and on, and all of these attacks have been used in the Ukraine/Russia war.
SCADA/ICS attacks can be devastating!
Iran has long been interested in compromising US industrial facilities. Over the past decade (2015–2025), Iran has repeatedly targeted U.S. infrastructure through a range of cyberattacks.
Below I have created a brief chronology and description of significant Iranian cyber operations against U.S. infrastructure sectors, based on public indictments, government advisories, and major news reports.
1. Financial Sector DDoS Attacks (2011–2013; publicized in 2016)
- Actors: Izz ad-Din al-Qassam Cyber Fighters, linked to the Iranian government and Islamic Revolutionary Guard Corps (IRGC).
- Method: Large-scale distributed denial-of-service (DDoS) attacks.
- Targets: Nearly 50 major U.S. financial institutions, including Bank of America, New York Stock Exchange, and Capital One.
- Impact: Disrupted online banking for millions; tens of millions of dollars in response costs.
- Details: Botnets generated up to 140Gbps of traffic, overwhelming bank servers.
2. Bowman Avenue Dam Intrusion (2013; indictment in 2016)
- Actors: Iranian hackers employed by ITSec Team and Mersad Co., working for the IRGC.
- Method: Unauthorized access to a small dam’s SCADA system in Rye Brook, New York.
- Impact: Attackers accessed status and operational data; physical sabotage was averted only because the sluice gate was offline for maintenance.
- Significance: Demonstrated intent and capability to target U.S. industrial control systems.
3. Boston Children’s Hospital Attack Attempt (2022)
- Actors: Three Iranian nationals indicted.
- Method: Attempted cyberattack, specifics undisclosed.
- Target: Boston Children’s Hospital.
- Impact: FBI intervention prevented disruption; hospital network and patient care protected.
- Significance: Highlighted Iranian willingness to target healthcare infrastructure.
4. Water Utilities Attacks (2023–2024)
- Actors: CyberAv3ngers, an IRGC-affiliated group.
- Method: Exploitation of vulnerabilities in Israeli-made Unitronics PLCs (industrial control devices), often using default passwords.
- Targets: At least a Pittsburgh-area water utility and nearly ten other small U.S. water utilities.
- Impact: One utility (Aliquippa, PA) forced to operate a water pump station manually; others experienced limited operational impact.
- Significance: Demonstrated ability to disrupt physical infrastructure and the risk to under-resourced utilities.
5. Healthcare Sector Attacks (2023–2024)
- Actors: Iranian cyber actors, sometimes collaborating with ransomware affiliates.
- Method: Disruption and extortion attempts, including ransomware.
- Targets: U.S. healthcare organizations and hospitals.
- Impact: Attempts to lock networks and extort victims; ongoing threat to patient care and data security.
- Significance: Shows expansion of Iranian targeting to vital civilian infrastructure.
6. Critical Infrastructure Brute-Force Campaigns (2023–2024)
- Actors: Iranian state-sponsored hackers.
- Method: Brute-force credential attacks to compromise user accounts and modify multi-factor authentication (MFA) settings for persistent access.
- Targets: Multiple sectors, including healthcare, government, IT, engineering, and energy.
- Impact: Enabled persistent access to sensitive systems, sometimes selling credentials on criminal forums for further exploitation.
- Significance: Highlights persistent, multi-sector targeting and credential theft as a vector.
7. Malware Targeting Industrial Control Systems (2023–2025)
- Actors: CyberAv3ngers, IRGC Cyber-Electronic Command.
- Method: Deployment of malware (e.g., IOControl) against ICS/SCADA devices.
- Targets: U.S. critical infrastructure sectors, including water and energy.
- Impact: Potential for deep network access and more profound cyber-physical effects.
- Significance: Ongoing U.S. government efforts to identify and sanction responsible individuals.
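The sequence described in item 6 (a burst of failed logins, then a successful login, then a change to the account's MFA settings) is something defenders can look for in authentication logs. The following is an added example, not code from the original post; the log format, event names (`LOGIN_FAILURE`, `LOGIN_SUCCESS`, `MFA_CHANGE`), threshold and time window are assumptions, and the sample log is constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (assumed format: timestamp event user source_ip).
SAMPLE_LOG = """\
2024-03-01T02:00:01Z LOGIN_FAILURE alice 203.0.113.7
2024-03-01T02:00:05Z LOGIN_FAILURE alice 203.0.113.7
2024-03-01T02:00:09Z LOGIN_FAILURE alice 203.0.113.7
2024-03-01T02:00:13Z LOGIN_FAILURE alice 203.0.113.7
2024-03-01T02:00:17Z LOGIN_FAILURE alice 203.0.113.7
2024-03-01T02:00:21Z LOGIN_SUCCESS alice 203.0.113.7
2024-03-01T02:04:00Z MFA_CHANGE alice 203.0.113.7
2024-03-01T09:00:00Z LOGIN_FAILURE bob 198.51.100.20
2024-03-01T09:00:10Z LOGIN_SUCCESS bob 198.51.100.20
2024-03-01T09:02:00Z MFA_CHANGE bob 198.51.100.20
2024-03-01T11:00:00Z LOGIN_FAILURE carol 203.0.113.7
2024-03-01T11:00:04Z LOGIN_FAILURE carol 203.0.113.7
2024-03-01T11:00:08Z LOGIN_FAILURE carol 203.0.113.7
2024-03-01T11:00:12Z LOGIN_FAILURE carol 203.0.113.7
2024-03-01T11:00:16Z LOGIN_FAILURE carol 203.0.113.7
"""

def parse(log_text):
    """Return (timestamp, event, user, ip) tuples in time order."""
    rows = [line.split() for line in log_text.splitlines() if line.strip()]
    return sorted((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ev, user, ip)
                  for ts, ev, user, ip in rows)

def find_bruteforce_then_mfa_change(log_text, threshold=5, window=timedelta(minutes=30)):
    """Return (user, login_ip, mfa_change_time) for failure burst -> success -> MFA change."""
    failures = defaultdict(deque)   # user -> timestamps of recent failed logins
    suspect_login = {}              # user -> (time, ip) of a success that followed a burst
    findings = []
    for ts, event, user, ip in parse(log_text):
        recent = failures[user]
        while recent and ts - recent[0] > window:
            recent.popleft()        # forget failures older than the window
        if event == "LOGIN_FAILURE":
            recent.append(ts)
        elif event == "LOGIN_SUCCESS":
            if len(recent) >= threshold:
                suspect_login[user] = (ts, ip)
            recent.clear()
        elif event == "MFA_CHANGE" and user in suspect_login:
            login_ts, login_ip = suspect_login.pop(user)
            if ts - login_ts <= window:
                findings.append((user, login_ip, ts.isoformat()))
    return findings
```

On the sample, only `alice` is flagged: `bob` had a single failed attempt before enrolling a device, and `carol` was attacked without a successful login.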
Summary Table
Year(s) | Sector | Attack/Method | Impact/Notes |
---|---|---|---|
2011–2013 | Financial | DDoS | Major bank disruptions, tens of millions in damages |
2013 | Industrial (Dam) | SCADA intrusion | No physical damage, but access to controls |
2022 | Healthcare | Attempted cyberattack | FBI intervention, no disruption |
2023–2024 | Water Utilities | ICS/PLC exploitation | Manual operation required at one utility |
2023–2024 | Healthcare | Ransomware, extortion | Disruption, extortion attempts |
2023–2024 | Critical Infrastructure | Brute-force, MFA compromise | Persistent access, credential theft |
2023–2025 | Industrial/ICS | Malware (IOControl) | Deep access, ongoing threat |
Summary
With the world teetering on the brink of another full-scale war, Iran may choose to counter-attack with cyber operations. Their history and capabilities would indicate that this would be their most likely vector for countering a US kinetic attack.
To learn more about SCADA/ICS Hacking and Security, see the unique training program at the link below.
https://hackersarise.thinkific.com/courses/hacking-scada-systems

Source: HackersArise
Source Link: https://hackers-arise.com/if-the-us-attacks-iran-will-iran-attack-us-industrial-facilities-scada-ics/