Cyberwar expands into supply chains

The Iran conflict is spilling into cyberspace, and analysts warned that nation‑state cyber operations are a growing risk for supply‑chain and logistics operators. Logistics networks with weak segmentation or legacy OT systems could face disruptive attacks that interrupt both digital and physical flows.

CISA, the FBI, DC3 and NSA released a joint fact sheet on June 30, 2025, warning that Iranian state‑aligned actors may target U.S. critical infrastructure. (cisa.gov) Palo Alto Networks’ Unit42 flagged a post‑February 28, 2026 spike in Iran‑linked activity that included DDoS, data‑exfiltration and wiper operations tied to the wider kinetic escalation, and reported that Iranian internet connectivity dropped to between 1% and 4% during the immediate aftermath. (unit42.paloaltonetworks.com)

The Port of Seattle detected system outages consistent with a ransomware incident on August 24, 2024, attributed to the Rhysida group, and later disclosed that roughly 90,000 individuals were impacted by the resulting data breach notifications. (portseattle.org) Expeditors International shut down most global operating systems after a February 20, 2022 cyberattack, recording roughly $40 million in lost demurrage and $20 million in remediation costs for a total reported impact of about $60 million. (businesswire.com) A.P. Moller‑Maersk estimated the 2017 NotPetya wiper attack cost the company between $200 million and $300 million, underscoring how a single malware event can translate directly into large revenue losses for shipping and terminal operators. (cnbc.com)

CISA’s technical advisories note that Iranian actors have relied on password‑spraying and MFA “push bombing” since October 2023, and explicitly recommend disconnecting OT/ICS from the public internet, applying patches, and enforcing phishing‑resistant MFA for OT access. (cisa.gov) Historic supply‑chain compromises such as the July 2021 Kaseya incident (affecting roughly 1,500 downstream businesses) and the 2020 SolarWinds SUNBURST backdoor demonstrate how third‑party WMS/TMS and managed‑service vendors can be leveraged to cascade operational outages across logistics networks. (bleepingcomputer.com)

Sector researchers including Trellix and SentinelOne report that Iran remains one of the most active nation‑state cyber operators as of early March 2026, and intelligence teams are publishing IOCs and tooling datasets intended to help defenders hunt compromises in logistics and distribution environments. (trellix.com)
