What to Know About CyberAv3ngers: The IRGC-Linked Group Targeting Critical Infrastructure
ID: 39069c3e-eb97-510f-b27e-b7dceeff99aa
STIX ID: report--39069c3e-eb97-510f-b27e-b7dceeff99aa
Feed Name: Tenable Blog
### Executive summary

Tenable Research reports that the Iran-affiliated CyberAv3ngers group has matured into a state-directed ICS threat, deploying IOCONTROL malware and actively exploiting a critical, unpatchable authentication bypass (CVE-2021-22681) in Rockwell Logix controllers to disrupt U.S. water, energy, and government infrastructure. The advisory confirms operational impacts and provides urgent mitigations, including disconnecting internet-exposed PLCs, enforcing segmentation, and applying defense-in-depth controls.
