Last mentioned: Mar 12, 2026
Coordinated Probing
Reports emerge of widespread, coordinated attempts to breach US water treatment and utility systems.
Global OT Alert
International cybersecurity agencies issue joint warning regarding vulnerabilities in ICS/SCADA systems.
Defense Contractor Phishing
Coordinated phishing campaign by APT33 targeting US and UK defense supply chains.
Wiper Malware Detected
First reports of destructive Azero-Wiper payloads in regional logistics hubs in the Middle East.
Conflict Commencement
Initial kinetic operations begin; first wave of DDoS attacks hits Iranian government portals.
Wiper Malware Discovery
Researchers identify a new strain of destructive malware being tested in sandbox environments by Iranian actors.
Regional Conflict Outbreak
Physical hostilities begin in the Middle East, triggering a shift in Iranian cyber posture.
Initial Reconnaissance
Security firms detect a 40% increase in Iranian-linked IP addresses scanning US energy infrastructure.
State-sponsored Iranian cyber actors have intensified operations against United States infrastructure and international targets, shifting from traditional espionage toward disruptive preparation. Security officials warn that the ongoing regional conflict has significantly heightened the risk of retaliatory cyberattacks designed to cripple essential services.
One week after the commencement of kinetic operations involving Iran, the digital battlefield has expanded into a global 'gray zone' conflict. State-aligned threat actors have transitioned from espionage to destructive operations, targeting critical infrastructure and financial systems across the West and the Middle East.
This page surfaces every story mentioning CISA across our cybersecurity coverage. We track each entity's appearance over time so readers can trace how the narrative evolves — which developments are isolated incidents, which build into longer arcs, and which reframe how operators in the space think about the entity. Story selection uses the same multi-source verification gate applied across the rest of our coverage.
Read our editorial methodology for how we identify, deduplicate, and score entity references. Our glossary defines the technical terms used across stories on this page, and our trends index contextualizes individual developments against the longer-running cybersecurity beat. Cross-entity comparisons live on our compare view.
| What you see | What it tells you |
|---|---|
| Story count | Number of distinct stories where CISA was a primary or referenced actor. |
| Recency clustering | Whether mentions are concentrated in a recent window (a news cycle) or distributed (a sustained arc). |
| Sentiment distribution | Aggregate sentiment of the stories mentioning this entity, weighted by impact score. |
| Cross-niche links | When the same entity surfaces in our sibling networks, we link to those views to enrich context. |