In late June 2025, a ceasefire was announced between Iran and Israel, raising hopes for a reduction in regional tensions. But those hopes are dimming. Despite the ceasefire, tensions remain high, with reports of continued unrest and limited engagement on both sides. As a result, the cybersecurity community remains on high alert amid the persistent threat of retaliatory cyberattacks.
For U.S. critical infrastructure—especially sectors like water, energy, and healthcare—this means the risk hasn’t passed. It has evolved.
At BitLyft, we don’t believe in spreading fear. But we do believe in situational awareness, proactive defense, and clear communication. Here’s what you need to know about the current threat landscape, why it matters in Michigan and beyond, and what steps organizations can take to prepare.
The Department of Homeland Security (DHS) issued a National Terrorism Advisory bulletin in late June, warning that, despite diplomatic progress, cyber actors aligned with Iran may still attempt attacks against U.S. networks, particularly those related to critical infrastructure.
This warning isn’t speculative. In late 2024, Iranian-affiliated group CyberAv3ngers, reportedly linked to Iran’s Islamic Revolutionary Guard Corps (IRGC), infiltrated U.S. water utilities by exploiting Israeli-made programmable logic controllers (PLCs), altering system logic, and causing limited but symbolic disruptions.
Even though the physical damage was contained, the incident made one thing clear: Iranian cyber groups are not just capable—they’re willing and motivated.
Recent joint advisories from CISA, the FBI, and NSA emphasize that these groups rely on:
The ceasefire may slow conventional attacks, but cyber operations are not bound by borders or treaties.
Critical infrastructure sectors at the top of the target list include:
These sectors are interconnected, meaning a successful breach in one can cascade into others. With ceasefire violations ongoing, it’s clear the cyber threat hasn’t ended with the headlines.
Michigan plays a key role in the nation’s critical infrastructure. From power production and clean water delivery to auto manufacturing and regional healthcare, our state’s systems are part of a broader ecosystem that adversaries could exploit.
The Michigan Cyber Command Center (MC3) continues to work closely with federal agencies to assess vulnerabilities and support local utilities. For example, Michigan’s Department of Environment, Great Lakes, and Energy (EGLE) is helping drinking water providers improve their cybersecurity posture and comply with new federal incident reporting rules (Michigan EGLE, 2024).
BitLyft, headquartered in Michigan, supports this effort by working with organizations across the state and country to reduce risk, detect threats early, and respond fast, especially for teams that don’t have large security budgets or internal staff.
Another major story this month: headlines about 16 billion stolen passwords surfacing online. Researchers say this staggering number is not tied to a single breach but is a collection of years of leaked credentials, gathered and sold or shared on the dark web.
Even if these passwords aren’t freshly stolen, they’re still dangerous.
Credential stuffing, phishing, and privilege escalation attacks all rely on reused or weak passwords, many of which now exist in public databases. Nation-state groups (including those affiliated with Iran) often use stolen credentials as an initial foothold in campaigns against U.S. systems.
You can’t control global politics, but you can prepare. Here’s what every organization, utility, or business leader should consider in the current climate:
“As we digest the information we've watched unfold over June 22, 2025, we have to be vigilant, with the US bombing 3 nuclear sites in Iran and Iranian responses warning of activating 'sleeper-cell terror' in the U.S., which could include cyber operations. These claims, however, lack independent verification and should be treated as inconclusive, but also yield caution. Maintaining extra special vigilance over critical infrastructure is essential, especially given the current tensions with Iran and its history of cyberattacks. Cyber terror attacks do not typically come with an advance warning; you'll find out when your systems are attacked, and then it's too late to prevent it. I recommend planning for the worst, and being prepared for the best outcomes.” - Jason Miller, BitLyft Founder & CEO.
Whether you're running a water treatment plant in Grand Rapids, managing a power grid in Detroit, or operating a manufacturing facility anywhere in between, you're part of America's critical infrastructure. That makes you a target—but it doesn't have to make you a victim.
Our True MDR platform gives you enterprise-level security without the enterprise-level price tag, by combining machine speed with human intelligence to help organizations:
We do this with the understanding that not everyone has a full SOC team or a large security budget. We’ve helped small water utilities with no dedicated IT staff defend against attacks, and we’ve supported DoD manufacturers through ransomware events they couldn’t afford to face alone.
If you’re part of the country’s critical infrastructure, you’re on the radar. But you don’t have to be an easy target.
Ready to move from reactive to resilient? Let's talk about how BitLyft can help you stay ahead of the threats that never sleep.