As of April 8, 2026, the threat landscape for IoT, OT, ICS, and CPS security remains highly dynamic and perilous. State-sponsored actors continue to target critical infrastructure with sophisticated tactics, while new botnets and regulatory changes shape the evolving cybersecurity environment. Vigilance and proactive defense strategies are more crucial than ever to protect vital assets and maintain operational resilience.
Iranian APT Actors Target US Critical Infrastructure PLCs
A joint advisory from multiple US agencies warns that Iranian-affiliated groups CyberAv3ngers and Shahid Kaveh have been attacking internet-connected PLCs since March 2026. Targeted devices include Rockwell Automation PLCs, with impact on the government, water, and energy sectors. Attackers manipulated project files and HMI/SCADA data, causing operational disruptions and financial losses.
Source: Industrial Cyber
Russian GRU Forest Blizzard Compromises SOHO Routers for DNS Hijacking
Microsoft reports that the Russian-linked Forest Blizzard threat actor has compromised thousands of SOHO routers since August 2025 to conduct DNS hijacking and adversary-in-the-middle attacks. This campaign targets government, IT, telecommunications, and energy sectors, intercepting credentials and communications at scale through manipulated DNS queries and TLS interception.
Source: Microsoft Security Blog
FBI 2025 Internet Crime Report Highlights $21 Billion US Cybercrime Losses
The FBI’s 2025 report reveals ransomware remains a dominant threat with over 3,600 complaints totaling $32 million in losses. Critical infrastructure sectors such as healthcare, manufacturing, and government facilities faced significant attacks from strains like Akira and LockBit. State-sponsored cybercrime targeting power grids and hospitals continues to escalate.
Source: Industrial Cyber
UK Cyber Security and Resilience Bill Enforces New OT Compliance Rules
The UK’s Cyber Security and Resilience Bill, now at the House of Commons Report Stage, mandates comprehensive cybersecurity measures for OT systems classified as “national resilience” assets. The bill introduces mandatory incident reporting and stronger penalties, and aligns with the NCSC’s Cyber Assessment Framework to enhance asset visibility, vulnerability management, and threat hunting.
Source: Nozomi Networks
Masjesu DDoS Botnet Targets Diverse IoT Devices with Evasive Techniques
The newly identified Masjesu botnet is spreading across a wide range of IoT devices, employing advanced evasion and persistence methods. This botnet exemplifies the increasing use of compromised IoT devices to launch powerful DDoS attacks, posing significant risks to both individual devices and global internet infrastructure.
Source: SecurityWeek
As cyber threats targeting OT and ICS environments grow in complexity and scale, continuous vigilance, robust security practices, and compliance with emerging regulations are essential to safeguarding critical infrastructure and maintaining operational integrity.