Active Threat

Iranian Cyber Threats

Iran's Islamic Revolutionary Guard Corps (IRGC) and Ministry of Intelligence conduct aggressive cyber operations against American infrastructure—particularly water systems, industrial controls, and political targets.

Water System Attacks IRGC Hacking Groups

75+

PLCs compromised in water attacks

US water systems targeted

2024

Trump campaign successfully hacked

IRGC-linked threat groups active

June 2025 Warning: Following US strikes on Iranian nuclear facilities, security researchers observed a significant spike in Iranian cyber attacks against American companies.

Understanding the Iranian Threat

Iranian cyber operations focus on critical infrastructure disruption, political interference, and retaliation for Western sanctions and military actions.

Water System Attacks

critical

CyberAv3ngers compromised water utilities across America, including Aliquippa, PA near Pittsburgh.

Election Interference

critical

APT42 (Charming Kitten) successfully hacked the Trump campaign and attempted to breach Biden campaign.

Infrastructure Targeting

high

Iranian actors target energy, healthcare, manufacturing, and defense industrial base.

IRGC Hacking Groups

high

APT33, APT34, APT42, MuddyWater—state-sponsored groups targeting Americans.

CyberAv3ngers Water System Attacks

IRGC hackers targeting American water utilities

November 2023 - Aliquippa, PA: Iranian hackers took control of a booster station at the Municipal Water Authority of Aliquippa, just 30 miles from Pittsburgh. The attack displayed the message: "You have been hacked, down with Israel."

75+

PLCs compromised

US water systems targeted

Waves of attacks

Attack Method

Targeted Unitronics PLCs with default or no passwords
Developed custom ladder logic to take control of devices
Disabled upload/download functions to prevent recovery
Renamed devices and changed port numbers

2024 Election Interference

APT42 targeted both presidential campaigns

Trump Campaign

Successfully Hacked

Iranian hackers compromised the email account of a former presidential campaign adviser and used it to contact current senior campaign officials.

Biden Campaign

Attempted - Failed

APT42 targeted approximately 12 people associated with both campaigns between May-June 2024. The Biden campaign was not successfully breached.

APT42 Tactics: Masqueraded as journalists from Washington Institute for Near East Policy, created fake LinkedIn profiles, and sent spear-phishing emails to trick targets into sharing credentials.

Iranian State-Sponsored Threat Groups

APT33 (Elfin)

IRGC

Focus

Aviation, energy, defense

Key Tactic

Password spraying, Azure exploitation

APT34 (OilRig)

MOIS

Focus

Government, finance, telecom

Key Tactic

VPN exploitation, backdoors

APT42 (Charming Kitten)

IRGC-IO

Focus

Political campaigns, NGOs, media

Key Tactic

Spear phishing, social engineering

CyberAv3ngers

IRGC-CEC

Focus

Water systems, PLCs

Key Tactic

Default password exploitation

MuddyWater

MOIS

Focus

Transportation, manufacturing

Key Tactic

Most active group in 2025

Why Rural Systems Are Vulnerable

Iranian hackers specifically target industrial control systems (ICS) and programmable logic controllers (PLCs) commonly used by small water utilities and rural infrastructure.

Default Passwords

Many PLCs still use factory defaults or simple passwords

Internet-Connected

Remote management exposes systems to the internet

Limited IT Staff

Small utilities lack dedicated cybersecurity expertise

Protect Your Infrastructure

If you operate water systems, industrial controls, or critical infrastructure, learn how to defend against Iranian cyber threats.

Protection Guide View Attack Details

Russia Threats Other Nation-State Threats

Iranian State-Sponsored Threat Groups

APT33 (Elfin)

IRGC

Focus

Aviation, energy, defense

Key Tactic

Password spraying, Azure exploitation

APT34 (OilRig)

MOIS

Focus

Government, finance, telecom

Key Tactic

VPN exploitation, backdoors

APT42 (Charming Kitten)

IRGC-IO

Focus

Political campaigns, NGOs, media

Key Tactic

Spear phishing, social engineering

CyberAv3ngers

IRGC-CEC

Focus

Water systems, PLCs

Key Tactic

Default password exploitation

MuddyWater

MOIS

Focus

Transportation, manufacturing

Key Tactic

Most active group in 2025

Why Rural Systems Are Vulnerable

Iranian hackers specifically target industrial control systems (ICS) and programmable logic controllers (PLCs) commonly used by small water utilities and rural infrastructure.

Default Passwords

Many PLCs still use factory defaults or simple passwords

Internet-Connected

Remote management exposes systems to the internet

Limited IT Staff

Small utilities lack dedicated cybersecurity expertise