Threat Intelligence , Critical Infrastructure Security Experts: Amplification of opportunistic cyberattacks central to Iran’s strategy April 28, 2026 Share By SC Staff (Adobe Stock) Iranian cyber operations against the U.S. were noted by former National Security Agency Director Timothy Haugh and Armadin founder Kevin Mandia to have been mainly focused on opportunistic targeting and information campaigns meant to magnify the impact of intrusions, rather than bombastic cyber incidents, reports The Record , a news site by cybersecurity firm Recorded Future. Such an attack playbook was evident in Iranian hackers' compromise of major U.S. medical device firm Stryker , which involved social engineering and the exploitation of valid credentials, said Haugh and Mandia at the Asness Summit on Modern Conflict and Emerging Threats. "I'd probably draw an analogy right now, that Iran and Iran's cyber capability is closer to a criminal actor," noted Haugh. More cybersecurity incidents involving stolen credentials could be expected from Iran, according to Mandia. "I doubt you're gonna see custom web app attacks done. I think it's gonna be logging in. I really do. It's gonna be an identity security issue," Mandia added. SC Staff Related Threat Intelligence More covert ClickFix variant targeting Windows detailed SC Staff April 28, 2026 HackRead reports that Windows systems have been subjected to a novel ClickFix attack campaign that leverages fraudulent CAPTCHA pages in the lead up to illicit command execution. Government security Chinese spear-phishing campaign targets NASA employees SC Staff April 28, 2026 NASA had its employees and research collaborators reported by its Office of Inspector General to have been subjected to a Chinese spear-phishing campaign aimed at procuring the agency's sensitive data, The Hacker News reports. Supply chain North Korean hackers operate self-propagating supply chain hack SC Staff April 28, 2026 North Korean state-sponsored threat operation Void Dokkaebi, also known as Famous Chollima, has leveraged phony job interviews to compromise developers with malware as part of a self-spreading supply chain intrusion campaign, GBHackers News reports. Related Events Cybercast Better Threat Intelligence Between Public and Private Sectors On-Demand Event Virtual Conference Nationwide Cybersecurity Summit 2025: Safeguarding America’s Digital Future On-Demand Event Virtual Conference Securing the Future of Finance: Strategies to Counter Modern Cyber Threats On-Demand Event Get daily email updates SC Media's daily must-read of the most current and pressing daily news Business Email By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy . Subscribe Related Terms Account Harvesting Botnet Deauthentication Attack Dictionary Attack Distributed Scans Dumpster Diving Fault Line Attacks Information Warfare Password Cracking Reconnaissance You can skip this ad in 5 seconds