Iran-backed hackers, linked to the Islamic Revolutionary Guard Corps (IRGC), have escalated cyberattacks on U.S. critical infrastructure. These attacks target industrial control systems like SCADA and PLCs, particularly those connected to the internet.
One major incident involved the Municipal Water Authority of Aliquippa, Pennsylvania, which suffered an attack in November 2023. Iranian hackers manipulated a Unitronics PLC, forcing operators to switch to manual controls.
A more alarming case occurred at medical device maker Stryker in April 2025. The hacker group Handala used Stryker’s own CrowdStrike Falcon EDR tools to remotely wipe about 8,000 employee devices. Stryker acknowledged the breach in a Form 8-K but did not disclose the financial impact.
These breaches highlight a growing trend: cyber weapons turning against their owners. As geopolitical tensions rise, particularly after Iran’s military actions in the Middle East, cyberattacks are increasingly blending with kinetic operations.

CISA, the FBI, and international partners warned of this evolving threat. The pattern reveals that vulnerable internet-facing systems, like default-password PLCs or misconfigured EDR tools, are prime targets.
As attacks grow bolder and more damaging, everyday services like water supply and healthcare face increasing risk from state-sponsored actors.