News You can USE!



Global Incident and Threat Detection Briefing

BLUF: Heightened Global Cyber and Extortion Risk. State-sponsored cyber threats are escalating, highlighted by FBI/NSA alerts regarding Russian GRU exploitation of SOHO routers for espionage and Iranian-linked operations directly targeting U.S. Critical Infrastructure (CI) Operational Technology (OT). Simultaneously, major financial fraud schemes involving hundreds of millions of taxpayer dollars are being adjudicated domestically. The terrorist threat landscape remains complex, marked by persistent Houthi supply chain interference in the Red Sea and localized expansion of IS/JNIM affiliates in the Sahel.

⚙️ Critical Infrastructure / Geopolitical Cyber

Incident: Iran-Linked Actors Target U.S. Operational Technology (OT) via PLCs

  • Date: April 7, 2026 (Advisory Release)
  • Location: United States (Water/Wastewater, Energy, Government facilities); previous activity in Ireland
  • Key Actors: Iran-linked threat actors (including Handala hacker group)

Key Facts:

  • Threat actors are actively manipulating internet-exposed Programmable Logic Controllers (PLCs), specifically targeting Rockwell Automation/Allen-Bradley products.
  • Attacks result in disruptions by interacting with project files and manipulating data displayed on Human-Machine Interface (HMI) and SCADA systems.
  • The Handala group has been officially linked to the Iranian government.

Actionable Recommendations:

  • Mandate immediate inventory and patching of all internet-facing OT devices (source: https://www.securityweek.com/iran-linked-hackers-disrupt-us-critical-infrastructure-via-plc-attacks/).
  • Implement strict network segmentation between IT and OT environments.

Incident: Russian GRU Router Exploitation for Espionage

  • Date: April 7, 2026 (Advisory Release)
  • Location: Global (Targeting SOHO routers)
  • Key Actors: Russian GRU (Military Intelligence); disrupted by FBI, NSA, and international partners

Key Facts:

  • A GRU network leveraging compromised Small-Office Home-Office (SOHO) routers was disrupted after being used in malicious hijacking operations.
  • The compromised devices were utilized to steal sensitive information.

Actionable Recommendations:

  • Conduct forensic audits on all remote access points associated with SOHO devices for indicators of compromise (IOCs) (source: https://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/4453919/nsa-supports-fbi-in-highlighting-russian-gru-threats-against-routers/).

🚢 Maritime Events / Supply Chain Threats

Incident: Persistent Houthi Attacks on Commercial Shipping

  • Date: Ongoing as of March 26, 2026 (MARAD Advisory)
  • Location: Red Sea, Bab el Mandeb Strait, Gulf of Aden
  • Key Actors: Houthi terrorist group (Yemen-based)

Key Facts:

  • The Houthis continue to pose a high risk to commercial shipping, specifically targeting vessels associated with Israel, the U.S., or the UK.
  • Tactics include the deployment of unmanned aerial vehicles (UAVs), unmanned surface vehicles (USVs), ballistic missiles, and illegal boardings.
  • The threat persists despite ceasefires, causing sustained disruption to a critical global trade choke point.

Actionable Recommendations:

  • Advise corporate maritime logistics teams to review contingency routing and threat mitigation procedures for the Southern Red Sea (source: https://www.maritime.dot.gov/msci/2026-006-red-sea-bab-el-mandeb-strait-gulf-aden-arabian-sea-and-somali-basin-houthi-attacks).

💥 Activism/Terrorism / DVE

Incident: Global Jihadist Expansion and Domestic Radicalization Drivers

  • Date: Ongoing, with key Sahel developments through April 9, 2026
  • Location: Sahel Region (Niger, Nigeria), United States Homeland
  • Key Actors: Jama’a Nusrat ul-Islam wa al-Muslimin (JNIM), Islamic State (IS) Sahel Province, Lone Offenders

Key Facts:

  • JNIM and IS affiliates recorded their first-ever direct clash in Niger on April 9, 2026, indicating expanding operational front lines across the Sahel (source: https://www.cfr.org/global-conflict-tracker/conflict/violent-extremism-sahel).
  • The U.S. Homeland remains in a heightened threat environment, driven by lone offenders who are motivated by violent extremist ideologies and external geopolitical conflicts.
  • Foreign Terrorist Organizations (FTOs) are utilizing visible online platforms to successfully radicalize and motivate supporters domestically.

Actionable Recommendations:

  • Increase vigilance regarding online radicalization indicators within Homeland security programs.
  • Focus intelligence collection on the spillover effects of Sahel instability into coastal West Africa (source: https://www.cfr.org/global-conflict-tracker/conflict/violent-extremism-sahel).

💸 Crime or Organized Crime / Financial Crimes

Incident: Multi-Million Dollar Federal Fraud Schemes Sentenced

  • Date: April 7 – April 9, 2026 (Recent Convictions/Sentencings)
  • Location: U.S. National (MN, FL, NV, RI)
  • Key Actors: Corporate executives, former non-profit leaders, and individuals exploiting pandemic relief and federal subsidy programs

Key Facts:

  • A Florida insurance brokerage agreed to pay over $135 million for an Affordable Care Act (ACA) enrollment fraud scheme that secured $141.5 million in unwarranted federal subsidies (April 7, 2026; source: https://www.justice.gov/criminal/press-releases).
  • A Nevada business owner was sentenced to 54 months for a conspiracy that fraudulently claimed nearly $100 million in COVID-19 employment tax credits (April 7, 2026).
  • Sentences were issued for key actors involved in the high-profile “Feeding Our Future” food program fraud scheme (source: https://www.fbi.gov/investigate/white-collar-crime/news).

Actionable Recommendations:

  • Review and strengthen internal audit controls for compliance with federally regulated programs, focusing on areas previously exploited by large-scale fraud rings.

