Iran's state-linked hacking apparatus has penetrated American critical infrastructure, infiltrating a US bank, an airport, and a software company that supplies technology to the defense and aerospace industries.
Cybersecurity researchers at Symantec and Carbon Black revealed Thursday that the Advanced Persistent Threat group known as Seedworm launched the campaign in early February and has continued operating in recent days, even after US and Israeli military strikes on Iran.
The researchers also discovered a previously unknown piece of malware they named "Dindoor," a hidden backdoor digitally signed with a certificate issued to the name "Amy Cherne." Non-profit organizations in both the US and Canada were also compromised, the Daily Mail reported. The software company operates in Israel, and its Israeli branch appears to have been the primary target of that particular intrusion.
The affected companies have not been publicly named. Investigators detected an attempt to copy data to external cloud storage, though it remains unclear whether any information was successfully stolen.
A Message, Not a Heist
What makes this campaign distinctive is its apparent purpose. The researchers offered a blunt assessment:
"These attacks are about sending a message rather than stealing information, which means any organization in the targeted country could be in the firing line."
That framing matters. A bank, an airport, a defense-adjacent software firm. These are not random targets. They are symbols of American economic power, transportation infrastructure, and military capability. Seedworm, believed to be part of the Iranian Ministry of Intelligence and Security, chose them to demonstrate reach. The intrusions are a calling card, not a burglary.
This is the nature of asymmetric warfare in 2026. Iran cannot match the United States conventionally. It proved that conclusively on the battlefield. So it fights where it believes it still can: in the gray space between peace and war, behind screens, through code signed with fake names.
Sixty Groups, Tens of Thousands of Targets
The Seedworm campaign is not happening in isolation. Cybersecurity firm CloudSEK assessed that more than 60 hacker groups mobilized within hours of the February 28, 2026, US-Iran military escalation. Sixty. Within hours.
That kind of rapid mobilization does not happen organically. It reflects pre-positioned networks, standing orders, and an ecosystem of proxy operators that Tehran has spent years cultivating. Some of these groups are direct state organs. Others are sympathizers and allies. The effect is the same: a distributed cyber army activating on command.
CloudSEK's assessment included another detail that should focus minds in Washington: tens of thousands of US industrial control systems remain directly reachable from the internet. These are the systems that manage power grids, water treatment facilities, manufacturing lines, and transportation networks. Directly reachable. Not behind firewalls. Not air-gapped. Sitting on the open internet like unlocked doors.
The researchers warned of what comes next:
"The likely next steps for the nation's cyber actors and supporters may be multiple campaigns combining high-visibility disruption for political signaling and lower-visibility access operations for strategic leverage."
Translation: expect both spectacle attacks designed for headlines and quiet infiltrations designed to establish footholds for future use. The loud ones get attention. The quiet ones are more dangerous.
The Infrastructure Problem Nobody Fixed
For years, cybersecurity experts have warned that America's critical infrastructure is dangerously exposed. For years, Congress held hearings, agencies published frameworks, and very little changed at the operational level where it counts. The systems that keep the lights on and the water flowing were built in an era when "networked" meant connected to a local terminal, not to the entire planet.
Retrofitting security onto decades-old industrial control systems is expensive, unglamorous work. It does not generate viral moments or campaign ads. It requires sustained investment, technical expertise, and the kind of grinding bureaucratic follow-through that Washington is structurally allergic to. So the systems sit there, exposed, while threat actors from Tehran to Beijing map them at their leisure.
This is not a hypothetical vulnerability. Seedworm just proved it is an active one.
The Battlefield Has No Borders
The physical conflict with Iran has produced decisive results. The major military offensive killed the country's supreme leader and several senior officials. On the conventional battlefield, American and Israeli power proved overwhelming. But wars do not end cleanly, and defeated regimes do not go quietly.
The researchers put it plainly:
"Because of the heated tension in the region and ongoing attacks, it is likely Iran and its allies may also initiate cyber operations to further target their adversaries."
This is the predictable cost of victory against a regime that spent decades building proxy networks, both physical and digital. Iran's conventional military is shattered. Its cyber infrastructure is not. The MOIS-linked groups, the hacktivist affiliates, the sixty-plus cells that spun up overnight: these survive kinetic strikes. They operate from dispersed locations, use civilian internet infrastructure, and require nothing more than electricity and an internet connection.
Winning the shooting war was necessary. Winning the cyber war that follows requires a different kind of vigilance.
What Comes Next
The Seedworm campaign is almost certainly not the last. It may not even be the most sophisticated one currently underway. The discovery of Dindoor, a previously unknown backdoor, suggests Iranian cyber capabilities are still evolving. New tools mean new operations, and what Symantec and Carbon Black found is likely a fraction of what is deployed.
The targets tell the story of what Iran wants America to feel: vulnerability at the bank, at the airport, in the defense supply chain. Every institution that keeps the country running is, in its calculus, fair game.
Tens of thousands of industrial control systems. Reachable from the open internet. That is not Iran's failure. That is ours.

