A Threat Actor Landscape Assessment of ICS/OT Targeting in the 2026 Iran-US Conflict and the Scale of the Risk
ID: ef7639db-ad71-5df4-bd63-313a35317256
STIX ID: report--ef7639db-ad71-5df4-bd63-313a35317256
Feed Name: CloudSEK Blog
This intelligence brief assesses an elevated and active threat to US and allied industrial control systems. Multiple Tier 1 nation-state APTs and numerous Tier 2 proxy/hacktivist groups are actively targeting ICS/OT via exposed devices, phishing, and IT-to-OT lateral movement. The report documents confirmed compromises and malware (e.g., IOCONTROL, Tickler, RustyWater), quantifies tens of thousands of internet-exposed ICS assets, and provides prioritized mitigation actions:

- remove internet-facing interfaces
- change defaults
- block industrial ports
- audit MSP/RMM access
- enable logging
- hunt for LOTL anomalies
