AI, the Iran-US Conflict, and the Threat to US Critical Infrastructure
More than 60 Iranian-aligned cyber groups mobilized within hours of the February 28, 2026 Iran-US escalation, as AI tools sharply lowered the barrier to targeting America’s internet-exposed critical infrastructure. The report shows how exposed ICS systems, default credentials, and AI-assisted reconnaissance are converging into a fast-growing national security risk.
On 28 February 2026, the United States and Israel launched coordinated strikes against Iran. Within hours, over 60 hacktivist groups had activated on Telegram. They do not need military training, ICS expertise, or state backing. All of them have something arguably more useful: an AI assistant and knowledge of 40,000+ internet-exposed control systems.
This blog traces the trajectory from a decade of Iranian cyber escalation to the current conflict environment, and makes the case that the convergence of AI-assisted reconnaissance with a persistently exposed US ICS attack surface represents the defining cyber threat of this conflict. The methodology is documented, the attack surface is verified, and the barrier is lower than it has ever been.
Setting the Stage: The Conflict and Its Cyber Dimensions
The Iran-Israel-US conflict did not begin on 28 February 2026. Its cyber dimensions have been building for over a decade. What changed is the scale, speed, and accessibility of the threat. To understand where we are, the timeline is essential.
2012
Shamoon wiper destroys 30,000 Saudi Aramco endpoints. Iran demonstrates willingness to conduct destructive critical infrastructure attacks. Requires nation-state resources and ICS expertise.
2017
TRITON/TRISIS deployed against a Saudi petrochemical plant's Safety Instrumented System. First malware ever to target industrial safety systems. Linked to Iranian state development. Tier 1 capability only.
Oct 2023
Hamas attacks on Israel trigger activation of Iranian-aligned cyber ecosystem. CyberAv3ngers begins targeting Unitronics PLCs across Israeli and Western water, energy, and manufacturing facilities.
Nov 2023
CyberAv3ngers compromise US water infrastructure using a default password. CISA confirms 75+ US ICS devices compromised in the same campaign across four attack waves.
Oct 2024
OpenAI confirms CyberAv3ngers used ChatGPT for ICS reconnaissance. Default credentials, port discovery, Modbus scripting queried via a commercial AI platform.
H1 2025
OT/ICS internet exposure rises 35% year-over-year. Unitronics port 20256 exposure surges 160% despite two years of CISA advisories. The attack surface is growing, not shrinking.
28 Feb 2026
US-Israel strikes against Iran. Ayatollah Khamenei killed. Within hours: Electronic Operations Room formed on Telegram. 60+ Iranian-aligned hacktivist groups activate. AI-assisted ICS reconnaissance now accessible to all of them.
The trajectory is clear: what began as nation-state-level ICS capability in 2012 has become, by 2026, something any motivated actor can attempt with free tools and an internet connection. The technical barrier has collapsed. The threat pool has expanded. And the US attack surface has never been larger.
Who Is Targeting US Critical Infrastructure
The current conflict has produced the largest single-event activation of Iranian-aligned cyber actors ever documented. The ecosystem spans Tier 1 nation-state APTs conducting years-long pre-positioning operations, to Tier 2 hacktivist groups with no ICS background looking for an accessible entry point. Both now have access to the same AI-assisted reconnaissance pipeline.
Threat Actor | Tier | Primary ICS/OT Relevance
CyberAv3ngers (BAUXITE) | 2 (IRGC-CEC) | Confirmed US ICS attacks; default credential exploitation of Unitronics PLCs; IOCONTROL malware
APT33 / Elfin | 1 (IRGC) | Password spray against US electric utilities and oil/gas operators; TRITON/TRISIS SIS targeting
MuddyWater (MERCURY) | 1 (MOIS) | Telecoms, oil/gas, government; initial access broker; active 2026 tooling (RustyWater)
APT34 / OilRig | 1 (MOIS) | Energy and finance sector long-dwell access; currently silent (assessed: covert pre-positioning)
Handala Hack Team | 2 (MOIS-aligned) | Wiper, ransomware, ICS disruption claims; supply chain via MSP providers
Charming Kitten / APT35 | 1 (IRGC-IO) | Intelligence collection against energy/defense adjacent individuals; feeds IRGC targeting
60+ Hacktivist Groups | 2/3 (Various) | Activated 28 Feb 2026; Electronic Ops Room on Telegram; AI-assisted recon accessible to all
The killing of Khamenei adds a dimension that state-focused threat assessments tend to underweight: the decentralization of Iranian cyber operations. With central IRGC command disrupted, proxy groups and diaspora actors worldwide are operating on ideological initiative rather than state direction.
The Electronic Operations Room on Telegram is a coordination mechanism, not a command structure. These actors are less disciplined than state-directed groups, potentially more reckless, and have no political constraint on civilian impact.
They are also the actors most likely to reach for AI assistance to compensate for the technical depth they lack.
AI as the Force Multiplier: Lowering the Barrier to ICS Attacks
To understand why the activation of 60+ hacktivist groups is a materially different threat than it would have been three years ago, you need to understand what AI now provides to an actor with no ICS background.
The traditional barrier to ICS attacks was knowledge: understanding industrial protocols, device behavior, what Modbus registers were, how to communicate with a PLC, which devices had exploitable default states. This took years to build. It is what kept ICS attacks confined to nation-state actors or well-resourced criminal groups.
AI does not break this barrier by teaching ICS to attackers.
It breaks it by making the knowledge barrier irrelevant for the most accessible and damaging attack vector: internet-exposed ICS devices with default or absent credentials. To exploit these, you do not need to understand how a PLC works. You need to know it exists, where it is, and what password to type.
"The significance is not that AI created new attack capabilities. It is that AI eliminated the research phase. An actor can move from intent to a list of accessible US ICS devices with known default credentials in under five minutes."
AI Platforms and the Conflict: The Pentagon Dimension
The same 48-hour window that saw Iranian-aligned hacktivist groups activate on 28 February 2026 produced a parallel development in the AI platform landscape that is directly relevant to this assessment.
On 28 February 2026, OpenAI confirmed a partnership with the US Department of Defense (redesignated the Department of War under the current administration) to provide AI capabilities for classified government use cases. Consumer reaction was immediate and measurable.
According to Sensor Tower data reported by TechCrunch, US uninstalls of the ChatGPT mobile app spiked 295% day-over-day on 28 February, compared to a typical daily uninstall rate of approximately 9%. One-star reviews surged 775% on the same day, and five-star ratings fell by 50%.
Anthropic, having declined a similar partnership citing concerns about surveillance and autonomous weapons, saw its Claude app benefit significantly.
Claude downloads rose 37% on 27 February and 51% on 28 February. Appfigures reported that Claude's total daily US downloads surpassed ChatGPT's for the first time, and the app reached No. 1 on the US App Store.
Notably, reporting also indicated that US defense officials leveraged Anthropic's technology in strikes against Iran, even after formally distancing from the partnership.
WHY THIS IS RELEVANT TO THE ICS THREAT LANDSCAPE
The OpenAI-Pentagon partnership and its public fallout illustrate that AI platforms are now deeply embedded in the conflict ecosystem from both directions: as tools used by state actors for defense operations, and as tools used by threat actors for offensive reconnaissance. The CyberAv3ngers ChatGPT disclosure (covered in the next section) and the OpenAI-DoD deal are two sides of the same dynamic.
The consumer backlash also signals that public trust in AI governance is fragile in conflict contexts. For defenders, this matters: the AI platforms most likely to provide unrestricted ICS reconnaissance assistance are not the publicly accountable commercial platforms subject to policy enforcement. They are the unconstrained, jailbroken, or adversarially fine-tuned alternatives that threat actors migrate to when commercial platforms enforce safety guidelines.
Source: TechCrunch, 2 March 2026 | Sensor Tower via TechCrunch | Appfigures | Republic World
What the CyberAv3ngers ChatGPT Sessions Confirmed
This dynamic is not theoretical. In October 2024, OpenAI's threat intelligence report confirmed that CyberAv3ngers accounts had used ChatGPT for ICS reconnaissance. The documented query types, as reported by OpenAI, included:
Requesting lists of industrial protocols and ports accessible via the internet
Querying default credentials for Tridium Niagara devices and Hirschmann RS industrial routers
Requesting guidance on creating Modbus TCP/IP clients for protocol interaction
Asking how to scan networks programmatically for ICS devices
Requesting methods to obfuscate bash scripts for post-compromise use
Querying which industrial routers are commonly deployed in specific geographic regions
OpenAI assessed that these interactions did not provide capabilities beyond a conventional web search. That framing understates the operational impact.
The value of AI in this context is speed and accessibility. A session that surfaces the right Shodan query, confirms a default credential, and explains a protocol in one conversation removes weeks of background research.
For a hacktivist group activated in response to a breaking geopolitical event with a specific retaliatory mandate, that compression is operationally significant.
The AI-Assisted Recon Chain in Practice
The following documents the AI-assisted reconnaissance workflow as a research exercise, directly mirroring the documented CyberAv3ngers methodology. All steps are entirely passive. No systems were accessed, authenticated to, or probed. Every finding described below was obtained through standard HTTP requests and publicly indexed content.
Step 1: Asset Discovery via AI-Generated Shodan and Google Dork Queries
A researcher asks an LLM to generate Shodan queries for internet-exposed ICS devices in the United States, targeting specific protocols and vendor types. The resulting queries return live, addressable industrial systems:
Snapshot of the Shodan queries generated by an LLM for different software products specific to ICS assets based in the United States
Step 2: Passive URL Analysis and CVE Assessment
After identifying a few live ICS web interfaces via the queries above, the researcher provided the URL to an AI system and asked for a passive assessment of what is exposed. The following represents the analysis returned from a Siemens SIMATIC CP 343-1 web interface identified during this research:
An actor with no prior ICS knowledge, receiving this analysis, has a complete threat model for a live industrial device: its exact type, CVEs, the fact that no authentication is configured, a map of every accessible sub-page and what it reveals, and a clear description of what the next step achieves. This was produced from a single standard browser HTTP request. No scanning, no exploitation, no network probing.
Live Siemens SIMATIC CP 343-1 web interface (Portal0000.htm): device model, RUN state, 'Module Access Protection: Not locked', navigation menu of all accessible sub-pages. IP/hostname redacted.
Additional exposed ICS/HMI portal identified via Shodan/Google dork during research: device type, unauthenticated access state, accessible management interface. IP/hostname redacted. The interface also exposed the ability to edit meter readings and change polarity settings to reset meter readings for an electricity power plant at a US asset.
From Open Port to Operational Disruption: The Aliquippa Case Study
Exposure statistics and reconnaissance methodology are abstract until they are grounded in what this attack chain produced in the real world. The Aliquippa water plant compromise is the documented proof of concept for what an open ICS port with a default password leads to.
Municipal Water Authority of Aliquippa, Pennsylvania | November 25, 2023
The Aliquippa attack required no AI assistance. It was already simple enough to execute without it.
What AI introduces is scale and automation.
The Aliquippa methodology can be scripted in under 50 lines of Python:
Iterate a list of Unitronics devices on port 20256 returned by a Shodan query, attempt the default password, log successes.
One operator, no ICS knowledge, many simultaneous targets.
The 60+ groups activated since 28 February 2026 include actors technically capable of exactly this.
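The bulk pattern just described (one operator, many targets, one default password) has a simple network-level signature: a single external source touching many ICS-port listeners inside a short window. The following detection logic is an added example, not code from the original post, and it runs over constructed firewall log lines in a simplified format that is not any vendor's real export. It assumes the organisation's own address space is RFC 1918, so any other source address on an inbound flow is treated as external; the ICS port list is the one given in this post's defensive recommendations.

```python
"""
Detection logic for the bulk default-credential pattern: one external source
reaching many ICS-port listeners in a short window. Added example, not code
from the original post; the log line shape is constructed.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone
from ipaddress import ip_address, ip_network

# Ports the post lists as having no legitimate reason to be internet-reachable,
# with the protocol each is commonly associated with.
ICS_PORTS = {
    ("tcp", 20256): "Unitronics PCOM",
    ("tcp", 102): "Siemens S7 (ISO-TSAP)",
    ("tcp", 502): "Modbus/TCP",
    ("tcp", 44818): "EtherNet/IP",
    ("tcp", 1911): "Tridium Niagara Fox",
    ("udp", 47808): "BACnet/IP",
}

# Assumption: internal address space is RFC 1918; anything else is external.
INTERNAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed log shape: <ISO8601 UTC> <ALLOW|DENY> <tcp|udp> <src>:<sport> -> <dst>:<dport>
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\dZ)\s+(?P<action>ALLOW|DENY)\s+"
    r"(?P<proto>tcp|udp)\s+(?P<src>[\d.]+):\d+\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)$"
)


def is_external(ip):
    addr = ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def parse_line(line):
    """Return a dict for a well-formed line, or None for anything unparseable."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return {"ts": ts, "action": m["action"], "proto": m["proto"],
            "src": m["src"], "dst": m["dst"], "dport": int(m["dport"])}


def detect(lines, spray_threshold=5, window=timedelta(minutes=10)):
    """
    Two signals, returned as (exposure, spray):
      exposure: every ALLOWed inbound ICS-port connection from an external
                source. Under the post's port-blocking control this is empty.
      spray:    external sources that reached >= spray_threshold distinct
                internal hosts on ICS ports inside `window`. ALLOW and DENY
                both count: a denied attempt is still an attempt.
    """
    exposure = []
    attempts = defaultdict(list)  # src -> [(ts, dst)]
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        service = ICS_PORTS.get((ev["proto"], ev["dport"]))
        if service is None or not is_external(ev["src"]):
            continue
        if ev["action"] == "ALLOW":
            exposure.append((ev["src"], ev["dst"], ev["dport"], service))
        attempts[ev["src"]].append((ev["ts"], ev["dst"]))

    spray = []
    for src, hits in attempts.items():
        hits.sort()
        for i, (t0, _) in enumerate(hits):
            # distinct destinations reached within `window` of this attempt
            fanout = {d for t, d in hits[i:] if t - t0 <= window}
            if len(fanout) >= spray_threshold:
                spray.append((src, len(fanout), t0.isoformat()))
                break
    return exposure, spray


# Constructed sample: one external host walks six PLCs on TCP/20256 within
# seconds, an engineering workstation talks Modbus internally (ignored), and a
# second external host reaches one Modbus listener (exposure, no spray).
SAMPLE_LOG = """\
2026-03-01T02:14:05Z ALLOW tcp 203.0.113.7:51234 -> 10.20.0.11:20256
2026-03-01T02:14:06Z ALLOW tcp 203.0.113.7:51235 -> 10.20.0.12:20256
2026-03-01T02:14:08Z ALLOW tcp 203.0.113.7:51236 -> 10.20.0.13:20256
2026-03-01T02:14:09Z DENY  tcp 203.0.113.7:51237 -> 10.20.0.14:20256
2026-03-01T02:14:11Z ALLOW tcp 203.0.113.7:51238 -> 10.20.0.15:20256
2026-03-01T02:14:12Z ALLOW tcp 203.0.113.7:51239 -> 10.20.0.16:20256
2026-03-01T02:20:00Z ALLOW tcp 10.1.5.3:40001 -> 10.20.0.11:502
2026-03-01T03:05:00Z ALLOW tcp 198.51.100.9:60123 -> 10.20.0.11:502
2026-03-01T03:06:00Z ALLOW tcp 198.51.100.9:60124 -> 10.20.0.11:80
"""

if __name__ == "__main__":
    exposure, spray = detect(SAMPLE_LOG.splitlines())
    for src, dst, port, svc in exposure:
        print(f"EXPOSURE  {src} -> {dst}:{port} ({svc})")
    for src, n, when in spray:
        print(f"SPRAY     {src} reached {n} ICS hosts starting {when}")
```

The exposure signal is the more important of the two for a water utility: any hit at all means a control that should have been in place is missing, independent of whether the source was running a spray. The threshold and window are starting points to tune against the site's own baseline.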
THE PAID MODEL ESCALATION
The reconnaissance capability described in this blog used publicly available AI tools operating within standard policy guidelines. Premium, unconstrained, or adversarially fine-tuned model variants go further:
Generating functional Python automation scripts for bulk PCOM credential testing across Shodan-returned device lists
Producing Modbus write scripts for direct process value manipulation
Providing obfuscation techniques to reduce AV detection signatures on post-compromise tooling
Detailing persistence mechanisms within ICS environments
Advising on stealth approaches for maintaining long-term access to industrial networks.
Conclusion and Takeaways
"The barrier to ICS disruption is no longer technical. It is motivational. And the events of 28 February 2026 have provided motivation to 60+ groups simultaneously."
The current cyber threat landscape is being shaped by three major trends: a surge in Iranian-aligned cyber activity, the growing use of AI tools that make attacks easier to plan, and an expanding exposure of U.S. critical infrastructure systems online.
Recent conflict-related developments have led to a large activation of cyber groups linked to Iranian interests, increasing the chances of aggressive or opportunistic targeting of infrastructure and technology systems.
AI tools are lowering the technical barrier for attackers, allowing them to quickly research and identify vulnerable industrial and infrastructure systems without needing deep prior expertise.
The tactics previously used by CyberAv3ngers show a playbook that other groups can now replicate much more easily with the help of AI.
Attackers can now speed up early-stage reconnaissance by using AI to generate search queries, scan exposed systems on the internet, and identify potential targets within a short period of time.
The relationship between commercial AI platforms and government or defense organizations is becoming part of the broader geopolitical cyber landscape.
Restrictions or safety controls on major AI platforms may push malicious actors to use alternative AI tools that have fewer safeguards.
As a result, current protections on some AI platforms may slow attackers but are unlikely to fully stop determined groups from using AI in cyber operations targeting infrastructure.
THREE DEFENSIVE ACTIONS THAT WOULD HAVE PREVENTED ALIQUIPPA
Remove ICS management interfaces from public internet exposure. No Siemens SIMATIC portal, Unitronics HMI, Niagara login page, or similar interface should be reachable from an external IP without a VPN in front of it. This eliminates the AI-assisted passive reconnaissance attack path entirely.
Change default credentials before deployment. The Unitronics default password is "1111." It is in the vendor manual. It is in CISA Advisory AA23-335A. It was used in the Aliquippa attack. It remains in active use on internet-exposed devices today.
Block ICS protocol ports from internet-facing access. TCP/20256, TCP/102, TCP/502, TCP/44818, TCP/1911, UDP/47808 have no legitimate reason to be directly internet-accessible without a VPN. Blocking inbound access to these ports eliminates the bulk-credential-stuffing attack path.
These are not aspirational security goals. They are the specific controls that, had they been in place at Aliquippa, would have meant CyberAv3ngers had nothing to connect to. The threat actors active in March 2026 have AI. The attack surface is larger than when these advisories were published. The window is not indefinite.
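The three controls above can be checked mechanically against an OT asset inventory before a device goes live and on a recurring basis afterwards. The script below is an added example, not code from the original post or from any vendor; the inventory schema, the management-port set and every device record are constructed for illustration. The only vendor default it ships with is the Unitronics "1111" the post cites from CISA AA23-335A; a real deployment would extend that map from its own vendor documentation.

```python
"""
Audit of an OT asset inventory against the three controls: no externally
reachable management interface, no default or absent credential, no
internet-reachable ICS protocol port. Added example; records are constructed.
"""

# Control 3: ports the post says should never be directly internet-reachable.
ICS_PROTOCOL_PORTS = {
    ("tcp", 20256), ("tcp", 102), ("tcp", 502),
    ("tcp", 44818), ("tcp", 1911), ("udp", 47808),
}

# Control 1: assumed ports on which device web/HMI management interfaces listen.
MGMT_PORTS = {("tcp", 80), ("tcp", 443), ("tcp", 8080)}

# Control 2: vendor defaults to reject. "1111" for Unitronics is the one the
# post cites (CISA AA23-335A); extend from your own vendor documentation.
KNOWN_DEFAULT_PASSWORDS = {"unitronics": {"1111"}}


def fmt_ports(ports):
    return ", ".join(f"{proto}/{port}" for proto, port in sorted(ports))


def audit_device(dev):
    """
    Return a list of (control_number, message) findings for one record.
    `exposed_ports` holds the (proto, port) pairs reachable from the public
    internet without a VPN, e.g. taken from your own external scan; an empty
    list means the device sits behind the VPN the post calls for.
    """
    findings = []
    exposed = {tuple(p) for p in dev.get("exposed_ports", [])}

    mgmt = exposed & MGMT_PORTS
    if mgmt:
        findings.append((1, f"management interface reachable from the internet on {fmt_ports(mgmt)}"))

    password = dev.get("password", "")
    defaults = KNOWN_DEFAULT_PASSWORDS.get(dev.get("vendor", "").lower(), set())
    if not password:
        findings.append((2, "no password configured"))
    elif password in defaults:
        findings.append((2, f"vendor default password still in use ({dev['vendor']})"))

    ics = exposed & ICS_PROTOCOL_PORTS
    if ics:
        findings.append((3, f"ICS protocol port(s) reachable from the internet: {fmt_ports(ics)}"))
    return findings


def audit_inventory(inventory):
    """Map device name -> findings; an empty list means all three controls pass."""
    return {dev["name"]: audit_device(dev) for dev in inventory}


# Constructed records, not real devices.
INVENTORY = [
    {"name": "booster-plc-01", "vendor": "Unitronics", "password": "1111",
     "exposed_ports": [("tcp", 20256), ("tcp", 80)]},
    {"name": "cp343-gw-02", "vendor": "Siemens", "password": "",
     "exposed_ports": [("tcp", 102), ("tcp", 80)]},
    {"name": "bms-niagara-03", "vendor": "Tridium", "password": "placeholder-strong-passphrase",
     "exposed_ports": []},  # behind VPN: nothing reachable externally
]

if __name__ == "__main__":
    for name, findings in audit_inventory(INVENTORY).items():
        print(("PASS " if not findings else "FAIL ") + name)
        for control, msg in findings:
            print(f"    control {control}: {msg}")
```

Run against the constructed inventory, the first two records fail all three controls (the Aliquippa profile: exposed HMI, default or empty password, exposed ICS port) and the third passes because nothing is reachable without the VPN. Feeding the audit from an external scan rather than from a device's own configuration is deliberate: the question is what the internet sees, not what the firewall policy says.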
PRIMARY SOURCES
CISA Advisory AA23-335A | Exploitation of Unitronics PLCs Used in Water and Wastewater Systems (updated Dec 2023)
TechCrunch, 2 March 2026 | ChatGPT uninstalls surge 295% after DoD deal (Sensor Tower data)
Palo Alto Unit 42 | Iranian hacktivist group activation assessment, 2 March 2026
Claroty Team82 | IOCONTROL: Iranian Cyberweapon Targets SCADA in US and Israel, December 2024
Forescout Research Labs | The global threat evolution of internet-exposed OT/ICS, June 2025
ReliaQuest Digital Risk Protection Trends Report, H1 2025
SANS Internet Storm Center | Jan Kopriva, ICS device internet accessibility count, April 2024
Shadowserver Foundation | Accessible ICS Report, December 2023
Republic World / Storyboard18 | OpenAI Pentagon deal reporting, 28 February 2026
KDKA-TV Pittsburgh | Municipal Water Authority of Aliquippa board chairman statement, November 2023
إبراهيم الصيفي
Passionate about offensive security, the author uncovers real-world vulnerabilities and business risks through an adversarial lens. With expertise in penetration testing, vulnerability assessment, and chaining attacks for escalation, he also researches industry trends to help organizations strengthen defenses against evolving threats.