Incident: Iranian APT Cyber Exploitation of OT Devices

• Date: Ongoing (Reported activity since March)
• Location: United States (Multiple Critical Infrastructure Sectors, including Water/Wastewater, Energy, and Government facilities)
• Key Actors: Iranian-affiliated Advanced Persistent Threat (APT) actors

Key Facts:

• The activity involves the exploitation of internet-connected Operational Technology (OT) devices, specifically Rockwell Automation Programmable Logic Controllers (PLCs).
• Adversarial activity has resulted in operational disruption and financial loss by manipulating data displayed on Human-Machine Interfaces (HMIs) and SCADA systems.
• Attackers leveraged weak configurations and exposed assets, moving from initial access toward potential operational impact.

Recommendations:

• U.S. organizations must immediately review Tactics, Techniques, and Procedures (TTPs) and Indicators of Compromise (IoCs) associated with this activity, focusing on exposed OT assets. [Link]([suspicious link removed])
• Prioritize network segmentation between IT and OT environments to limit lateral movement potential by state-sponsored actors.

Incident: Pro-Russia Hacktivist Control System Manipulation

• Date: November 2023 – April 2024 (Activity claimed in January and April 2024)
• Location: United States (Water/Wastewater systems and Food/Agriculture sectors, including Texas water facilities)
• Key Actors: Pro-Russia Hacktivist Groups

Key Facts:

• Actors gained access to Industrial Control Systems (ICS) components through public internet-facing control interfaces using poor password security and default credentials.
• Manipulation resulted in physical disruptions, including tampering with water pumps and alarms, causing water to run past designated shutoff levels and overfill storage tanks.

Incident: Wire Fraud Conspiracy Sentencing

• Date: April 3, 2026 (Simulated)
• Location: United States (Federal jurisdiction)
• Key Actors: CEO of Prime Capital Ventures

Key Facts:

• The former CEO received a sentence of 97 months in federal prison for leading a multimillion-dollar wire fraud conspiracy.

Incident: Gang-Related Violent Crime Convictions

• Date: April 2, 2026 (Simulated)
• Location: United States (Federal jurisdiction)
• Key Actors: Trinitarios Gang Members

Key Facts:

• Gang members pleaded guilty to charges related to murder and violent carjackings.

Incident: Domestic Violent Extremist (DVE) Threat Landscape Assessment

• Date: 2024 Assessment (Current threat profile)
• Location: U.S. National
• Key Actors: Anti-government, White Racially-Motivated, and Single-Issue Extremist groups and independent actors

Key Facts:

• Current intelligence identifies 35 U.S.-based individuals associated with various DVE ideologies.
• Past observed activities indicate a high frequency of independent plotting, resulting in numerous attacks, disrupted plots, and threats of violence.

Incident: Red Sea Crisis: Sustained Houthi Attacks on Global Shipping

• Date: Ongoing since October 2023 (Latest missile/drone attacks reported)
• Location: Red Sea, Bab-el-Mandeb Strait
• Key Actors: Houthis (Yemen), Commercial Merchant Vessels, US/UK Coalition (Operation Prosperity Guardian)

Key Facts:

• Houthi militants have targeted 178 vessels, sinking four ships, damaging dozens, and taking 36 crew members hostage.
• The attacks employ missiles and armed drones, posing a significant risk to global energy supplies and trade flows.
• Hundreds of commercial vessels have been rerouted around South Africa, drastically increasing transit times and supply chain costs.

Recommendations:

• Logistics departments should model sustained disruptions to the Suez Canal route and integrate the increased transit time around the Cape of Good Hope into Q2/Q3 forecasting.
• Analyze commodity price sensitivity based on potential disruptions across both the Red Sea and the Strait of Hormuz.