SecurityBrief US - Technology news for CISOs & cybersecurity decision-makers

Horizon3.ai opens Iranian cyber threat intel to all

Tue, 17th Mar 2026

Horizon3.ai has expanded access to Iranian threat intelligence and defensive guidance within its NodeZero platform as security teams brace for a potential uptick in state-linked cyber activity targeting US and allied organisations.

The update temporarily makes Iranian threat actor intelligence available to all NodeZero customers. Horizon3.ai also published recommended defensive measures focused on common initial access routes and incident response readiness.

The guidance ties the heightened risk to growing geopolitical tensions and recent strikes on Iranian infrastructure, including banking and oil facilities. Horizon3.ai said Iranian leaders have signalled retaliatory action against Western targets, and that cyber operations are likely to be part of that response.

Attack expectations

Horizon3.ai anticipates a shift towards decentralised activity resembling "cyber guerrilla warfare". It said this could include attempts to disrupt the US Defence Industrial Base, to create domestic disruption by affecting banking and telecommunications, and to target oil and gas infrastructure to trigger market instability.

The company pointed to what it described as early indicators of escalation, including attacks on AWS data centres in the United Arab Emirates and Bahrain, and incidents involving Stryker Medical and hospital systems in the UK.

It also cited techniques it associates with Iranian-linked operations, including destructive data wipers, unauthorised access to CCTV systems such as Hikvision cameras, and false social media claims intended to drive confusion and panic.

Looking ahead, Horizon3.ai said analysts expect intensified operations in the coming weeks. The company listed potential impacts across defence manufacturing and repair, oil and gas, financial systems, cloud service providers, healthcare, and state, local, and education entities.

Defence focus

The recommendations emphasise initial access security. Horizon3.ai highlighted VPNs and edge devices as recurring entry points and referenced vulnerabilities in the US Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities catalogue, including issues affecting Fortinet, Ivanti, and Citrix NetScaler products.

Active Directory features prominently in the guidance, along with the risk of compromised credentials. It also highlights Remote Management Tools, which Horizon3.ai said can provide a path for attackers when vulnerabilities are known and exposed.

The immediate action list includes assessing and remediating attack surfaces tied to Iranian tactics, techniques, and procedures. Horizon3.ai also recommends deploying decoys across networks, particularly in Active Directory environments, to improve detection and shorten response times.

Further steps include reviewing Security Operations Centre controls, such as Endpoint Detection and Response and Security Information and Event Management tools. Horizon3.ai also urged organisations to rehearse containment and eradication workflows, identify and protect critical data, and practise backup and recovery procedures.

Horizon3.ai positions NodeZero as an AI-driven security testing platform that maps exploitable paths through an environment. The company said it has integrated real-world tactics, techniques, and procedures directly into the platform, giving users visibility into vulnerabilities state-sponsored actors are most likely to target and how attackers chain weaknesses into multi-step intrusions.

Horizon3.ai said it has increased attack research capacity to broaden coverage of known Iranian tactics and procedures in NodeZero and expanded access to Iranian threat actor intelligence across its customer base.

"Right now we need to rally as practitioners and work together to plug security holes, build confidence that SOC tools are working, and create muscle memory for how to respond to attacks. It's about training like we fight so we know exactly what to do when things go awry," said Snehal Antani, CEO and Co-Founder, Horizon3.ai.

The company said the situation is changing quickly and framed readiness as the main variable within an organisation's control.

"This is a fluid situation that changes daily. We can't control what the adversary will do, we can only control our readiness and ability to defend the enterprise," said Antani.

Horizon3.ai said the expanded intelligence and updated guidance are available immediately, and it expects security teams to adjust priorities as the threat picture evolves.