Advanced cyber threat actors are exploiting vulnerable devices to gain covert entry into military, government, and critical infrastructure networks [1, 2].

This trend represents a significant escalation in risk because these entry points allow attackers to disguise their identities while bypassing traditional security perimeters. By targeting the hardware that manages essential services, actors can create persistent footholds in systems that are often poorly monitored compared to standard corporate IT environments [1, 3].

Reports published throughout 2026 indicate that these actors are specifically targeting industrial control systems (ICS) and Supervisory Control and Data Acquisition (SCADA) devices [2, 4]. These systems are the backbone of power grids, water treatment plants, and manufacturing facilities. When these devices are compromised, they serve as bridges into more secure internal networks [2].

Beyond industrial hardware, smartphones are being utilized as covert entry points [1]. This allows threat actors to leverage the mobility and connectivity of personal devices to infiltrate sensitive government or military environments [1].

There is an emerging divergence in how these attacks are executed. Some reports said that threat actors are now abusing artificial intelligence tools to automate attacks and develop exploits more rapidly [3, 4]. Other reports emphasized the deployment of specialized new tools designed specifically for the unique protocols of ICS and SCADA devices [2].

These activities are occurring globally, targeting the most sensitive sectors of national security [1, 2]. The goal of these operations is to maintain a hidden presence within a network, either to facilitate long-term espionage or to prepare for disruptive actions [1, 3].

The shift toward targeting ICS/SCADA and mobile devices suggests that traditional firewall-centric security is insufficient. As attackers integrate AI-driven exploit development with hardware-level vulnerabilities, the attack surface for critical infrastructure expands, making the detection of 'living-off-the-land' techniques more difficult for security agencies.