Luma

Free

In 2 weeks

Iran Cyber Threat Briefing: Recent Operations in theContext of US-Iran Conflict

Name: Iran Cyber Threat Briefing: Recent Operations in theContext of US-Iran Conflict
Start: 2026-04-28T15:00:00+00:00
End: 2026-04-28T16:00:00+00:00

by Cracken

Tuesday, April 28, 2026 · 3:00 PM – 4:00 PM

TBA

1 attending

View on LumaAdd to Calendar

Are you the organiser? Promote this event on Rifio

About this event

On April 7, the FBI, CISA, NSA, EPA, DOE, and Cyber Command issued a joint advisory warning that Iranian APT actors are exploiting programmable logic controllers across US critical infrastructure.

Victims in the energy, water, and government sectors experienced operational disruption and financial loss. The IOC timeframes in that advisory stretch back to January 2025.

That advisory didn't appear in a vacuum. In March, an MOIS-linked group wiped tens of thousands of devices at Stryker Corporation using the company's own device management platform. No malware was involved. Weeks before that, Symantec confirmed Seedworm — another MOIS unit — had been sitting inside the networks of a US bank, an airport, and a defense software contractor since early February. Before the first strike on Iran. And none of this started in 2026. The CyberAv3ngers compromised 75 Unitronics PLCs across US water systems in late 2023. Iran has been running offensive cyber operations against Western targets since Shamoon hit Saudi Aramco in 2012.

The current conflict accelerated the tempo. It didn't create the capability. These are funded programs with institutional mandates, established access, and tooling pipelines that operate on their own timelines. A ceasefire doesn't disband the units. It doesn't revoke the footholds they've already established in US networks.

Jesse Nuese, Head of Business Development at Cracken, will deliver a focused briefing covering what Iranian cyber operations actually look like right now, how the major incidents of the past two months connect, and what the pattern tells us about what comes next.

What this session covers

Iran's three-tier cyber architecture

IRGC units, MOIS APTs, and the hacktivist and proxy layer. Why this structure produces sustained capability independent of any single geopolitical trigger.

The campaign arc

From CyberAv3ngers through Seedworm pre-positioning, the Stryker wiper, and the April 7 PLC advisory. How the operations connect. What the progression reveals about intent and capability.

The TTP shift that matters

MDM weaponization. Legitimate configuration software used to access industrial controllers. Why these campaigns are built to look like normal administrative activity.

The validation gap

The April 7 advisory tells organizations to test their security controls against documented ATT&CK; techniques. Most can't. What closing that gap actually requires.

Who this is for

CISOs, security directors, and OT security engineers at US organizations in energy, water and

wastewater, healthcare, financial services, and defense supply chains.

Presented by

Jesse Nuese

Head of Business Development, Cracken

Create a free account to see descriptions, save events, and more

Topics & Tags

Tech

Date & time

Tuesday, April 28, 2026 · 3:00 PM – 4:00 PM

America/New_York

Location

TBA

America/New_York

Attendance

1 going · 1 spots

99 spots remaining

Organised by

Cracken

Type

independent

SourceLuma

UpdatedApr 15, 2026

About Iran Cyber Threat Briefing: Recent Operations in theContext of US-Iran Conflict

Iran Cyber Threat Briefing: Recent Operations in theContext of US-Iran Conflict is a free independent taking place on Tuesday, April 28, 2026 at a venue to be announced. This independent is organised by Cracken. Attendance is free — register to secure your spot. Currently 1 person has registered out of 1 spots. The event runs for approximately 1 hour.