{"id":43994,"date":"2021-11-18T16:54:18","date_gmt":"2021-11-18T16:54:18","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/32835\/Hackers-Backed-By-Iran-Are-Targeting-US-Critical-Infrastructure.html"},"modified":"2021-11-18T16:54:18","modified_gmt":"2021-11-18T16:54:18","slug":"hackers-backed-by-iran-are-targeting-us-critical-infrastructure","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/hackers-backed-by-iran-are-targeting-us-critical-infrastructure\/","title":{"rendered":"Hackers Backed By Iran Are Targeting US Critical Infrastructure"},"content":{"rendered":"<figure class=\"intro-image intro-left\"> <img decoding=\"async\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2021\/11\/iran-digital-800x534.jpeg\" alt=\"Illustration set of flags made from binary code targets.\"><figcaption class=\"caption\">\n<div class=\"caption-text\"><a href=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2021\/11\/iran-digital.jpeg\" class=\"enlarge-link\" data-height=\"667\" data-width=\"1000\">Enlarge<\/a> <span class=\"sep\">\/<\/span> Illustration set of flags made from binary code targets.<\/div>\n<div class=\"caption-credit\">Getty Images<\/div>\n<\/figcaption><\/figure>\n<aside id=\"social-left\" class=\"social-left\" aria-label=\"Read the comments or share this article\"> <a title=\"26 posters participating\" class=\"comment-count icon-comment-bubble-down\" href=\"https:\/\/arstechnica.com\/gadgets\/2021\/11\/beware-of-iranian-government-backed-hackers-waging-ransomware-us-warns\/?comments=1\"> <\/p>\n<h4 class=\"comment-count-before\">reader comments<\/h4>\n<p> <span class=\"comment-count-number\">26<\/span> <span class=\"visually-hidden\"> with 26 posters participating<\/span> <\/a> <\/p>\n<div class=\"share-links\">\n<h4>Share this story<\/h4>\n<\/p><\/div>\n<\/aside>\n<p> <!-- cache hit 19:single\/related:dadaa0e1f1e920ae8ff9bc14f7a73bed --><!-- empty --><\/p>\n<p>Organizations responsible for critical infrastructure in the US are in the crosshairs of Iranian government hackers, who are exploiting known vulnerabilities in enterprise products from Microsoft and Fortinet, government officials from the US, UK, and Australia warned on Wednesday.<\/p>\n<p>A <a href=\"https:\/\/us-cert.cisa.gov\/ncas\/alerts\/aa21-321a\">joint advisory<\/a> published Wednesday said an advanced-persistent-threat hacking group aligned with the Iranian government is exploiting vulnerabilities in Microsoft Exchange and Fortinet\u2019s <a href=\"https:\/\/www.fortinet.com\/fortios\">FortiOS<\/a>, which forms the basis for the latter company\u2019s security offerings. All of the identified vulnerabilities have been patched, but not everyone who uses the products has installed the updates. The advisory was released by the FBI, US Cybersecurity and Infrastructure Security Agency, the UK\u2019s National Cyber Security Center, and the Australian Cyber Security Center.<\/p>\n<h2>A broad range of targets<\/h2>\n<p>\u201cThe Iranian government-sponsored APT actors are actively targeting a broad range of victims across multiple US critical infrastructure sectors, including the Transportation Sector and the Healthcare and Public Health Sector, as well as Australian organizations,\u201d the advisory stated. \u201cFBI, CISA, ACSC, and NCSC assess the actors are focused on exploiting known vulnerabilities rather than targeting specific sectors. These Iranian government-sponsored APT actors can leverage this access for follow-on operations, such as data exfiltration or encryption, ransomware, and extortion.\u201d<\/p>\n<p>The advisory said that the FBI and CISA have observed the group exploit Fortinet vulnerabilities since at least March and Microsoft Exchange vulnerabilities since at least October to gain initial access to systems. The hackers then initiate follow-on operations that include deploying ransomware.<\/p>\n<p>In May, the attackers targeted an unnamed US municipality, where they likely created an account with the username \u201celie\u201d to further burrow into the compromised network. A month later, they hacked a US-based hospital specializing in health care for children. The latter attack likely involved Iranian-linked servers at 91.214.124[.]143, 162.55.137[.]20, and 154.16.192[.]70.<\/p>\n<aside class=\"ad_wrapper\" aria-label=\"In Content advertisement\"> <span class=\"ad_notice\">Advertisement <\/span> <\/aside>\n<p>Last month, the APT actors exploited Microsoft Exchange vulnerabilities that gave them initial access to systems in advance of follow-on operations. Australian authorities said they also observed the group leveraging the Exchange flaw.<\/p>\n<h2>Watch out for unrecognized user accounts<\/h2>\n<p>The hackers may have created new user accounts on the domain controllers, servers, workstations, and active directories of networks they compromised. Some of the accounts appear to mimic existing accounts, so the usernames are often different from targeted organization to targeted organization. The advisory said network security personnel should search for unrecognized accounts with special attention on usernames such as Support, Help, elie, and WADGUtilityAccount.<\/p>\n<p>The advisory comes a day after Microsoft <a href=\"https:\/\/www.microsoft.com\/security\/blog\/2021\/11\/16\/evolving-trends-in-iranian-threat-actor-activity-mstic-presentation-at-cyberwarcon-2021\/\">reported<\/a> that an Iranian-aligned group it calls Phosphorous is increasingly using ransomware to generate revenue or disrupt adversaries. The group employs \u201caggressive brute force attacks\u201d on targets, Microsoft added.<\/p>\n<p>Early this year, Microsoft said, Phosphorus scanned millions of Internet IP addresses in search of FortiOS systems that had yet to install the security fixes for CVE-2018-13379. The flaw allowed the hackers to harvest clear-text credentials used to remotely access the servers. Phosphorus ended up collecting credentials from more than 900 Fortinet servers in the US, Europe, and Israel.<\/p>\n<p>More recently, Phosphorus shifted to scanning for on-premises Exchange Servers vulnerable to CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065, a constellation of flaws that go under the name ProxyShell. Microsoft <a href=\"https:\/\/arstechnica.com\/information-technology\/2021\/03\/microsoft-issues-emergency-patches-for-4-exploited-0days-in-exchange\/\">fixed the vulnerabilities<\/a> in March.<\/p>\n<p>\u201cWhen they identified vulnerable servers, Phosphorus sought to gain persistence on the target systems,\u201d Microsoft said. \u201cIn some instances, the actors downloaded a Plink runner named <em>MicrosoftOutLookUpdater.exe<\/em>. This file would beacon periodically to their C2 servers via SSH, allowing the actors to issue further commands. Later, the actors would download a custom implant via a Base64-encoded PowerShell command. This implant established persistence on the victim system by modifying startup registry keys and ultimately functioned as a loader to download additional tools.\u201d<\/p>\n<p> READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/32835\/Hackers-Backed-By-Iran-Are-Targeting-US-Critical-Infrastructure.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":43995,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[60],"tags":[9736],"class_list":["post-43994","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-packet-storm","tag-headlinehackergovernmentusacyberwariranscada"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Hackers Backed By Iran Are Targeting US Critical Infrastructure 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/hackers-backed-by-iran-are-targeting-us-critical-infrastructure\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Hackers Backed By Iran Are Targeting US Critical Infrastructure 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/hackers-backed-by-iran-are-targeting-us-critical-infrastructure\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2021-11-18T16:54:18+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2021\/11\/iran-digital-800x534.jpeg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/hackers-backed-by-iran-are-targeting-us-critical-infrastructure\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/hackers-backed-by-iran-are-targeting-us-critical-infrastructure\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Hackers Backed By Iran Are Targeting US Critical Infrastructure\",\"datePublished\":\"2021-11-18T16:54:18+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/hackers-backed-by-iran-are-targeting-us-critical-infrastructure\\\/\"},\"wordCount\":647,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/hackers-backed-by-iran-are-targeting-us-critical-infrastructure\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/11\\\/hackers-backed-by-iran-are-targeting-us-critical-infrastructure.jpg\",\"keywords\":[\"headline,hacker,government,usa,cyberwar,iran,scada\"],\"articleSection\":[\"Packet Storm\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/hackers-backed-by-iran-are-targeting-us-critical-infrastructure\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/hackers-backed-by-iran-are-targeting-us-critical-infrastructure\\\/\",\"name\":\"Hackers Backed By Iran Are Targeting US Critical Infrastructure 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/hackers-backed-by-iran-are-targeting-us-critical-infrastructure\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/hackers-backed-by-iran-are-targeting-us-critical-infrastructure\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/11\\\/hackers-backed-by-iran-are-targeting-us-critical-infrastructure.jpg\",\"datePublished\":\"2021-11-18T16:54:18+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/hackers-backed-by-iran-are-targeting-us-critical-infrastructure\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/hackers-backed-by-iran-are-targeting-us-critical-infrastructure\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/hackers-backed-by-iran-are-targeting-us-critical-infrastructure\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/11\\\/hackers-backed-by-iran-are-targeting-us-critical-infrastructure.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/11\\\/hackers-backed-by-iran-are-targeting-us-critical-infrastructure.jpg\",\"width\":800,\"height\":534},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/hackers-backed-by-iran-are-targeting-us-critical-infrastructure\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,hacker,government,usa,cyberwar,iran,scada\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlinehackergovernmentusacyberwariranscada\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Hackers Backed By Iran Are Targeting US Critical Infrastructure\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Hackers Backed By Iran Are Targeting US Critical Infrastructure 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/hackers-backed-by-iran-are-targeting-us-critical-infrastructure\/","og_locale":"en_US","og_type":"article","og_title":"Hackers Backed By Iran Are Targeting US Critical Infrastructure 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/hackers-backed-by-iran-are-targeting-us-critical-infrastructure\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2021-11-18T16:54:18+00:00","og_image":[{"url":"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2021\/11\/iran-digital-800x534.jpeg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/hackers-backed-by-iran-are-targeting-us-critical-infrastructure\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/hackers-backed-by-iran-are-targeting-us-critical-infrastructure\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Hackers Backed By Iran Are Targeting US Critical Infrastructure","datePublished":"2021-11-18T16:54:18+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/hackers-backed-by-iran-are-targeting-us-critical-infrastructure\/"},"wordCount":647,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/hackers-backed-by-iran-are-targeting-us-critical-infrastructure\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/11\/hackers-backed-by-iran-are-targeting-us-critical-infrastructure.jpg","keywords":["headline,hacker,government,usa,cyberwar,iran,scada"],"articleSection":["Packet Storm"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/hackers-backed-by-iran-are-targeting-us-critical-infrastructure\/","url":"https:\/\/www.threatshub.org\/blog\/hackers-backed-by-iran-are-targeting-us-critical-infrastructure\/","name":"Hackers Backed By Iran Are Targeting US Critical Infrastructure 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/hackers-backed-by-iran-are-targeting-us-critical-infrastructure\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/hackers-backed-by-iran-are-targeting-us-critical-infrastructure\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/11\/hackers-backed-by-iran-are-targeting-us-critical-infrastructure.jpg","datePublished":"2021-11-18T16:54:18+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/hackers-backed-by-iran-are-targeting-us-critical-infrastructure\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/hackers-backed-by-iran-are-targeting-us-critical-infrastructure\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/hackers-backed-by-iran-are-targeting-us-critical-infrastructure\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/11\/hackers-backed-by-iran-are-targeting-us-critical-infrastructure.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/11\/hackers-backed-by-iran-are-targeting-us-critical-infrastructure.jpg","width":800,"height":534},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/hackers-backed-by-iran-are-targeting-us-critical-infrastructure\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,hacker,government,usa,cyberwar,iran,scada","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlinehackergovernmentusacyberwariranscada\/"},{"@type":"ListItem","position":3,"name":"Hackers Backed By Iran Are Targeting US Critical Infrastructure"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/43994","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=43994"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/43994\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/43995"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=43994"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=43994"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=43994"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}