New research from Claroty’s Team82 has detailed how emergency warning and public address (PA) systems can be targeted in what the company describes as cyber-psychological operations aimed at undermining public confidence in government protection measures.
The research focuses on claims by the Iran-linked group CyberAv3ngers that it “silenced” emergency sirens during a missile attack on Israel, with the stated intent of weakening citizen trust. Claroty said the activity highlights the risks posed by legacy technology used in critical infrastructure and the potential for attacks on public warning systems to be used for psychological effect alongside physical conflict.
In the report summary, Team82 said threat actors have claimed unauthorised access to legacy broadcast equipment that is often insecure. It said Iran-affiliated actors linked to the Islamic Revolutionary Guard Corps and the Ministry of Intelligence of the Islamic Republic of Iran have claimed to have hijacked emergency alerts and announcement systems to create an impression of broad domestic reach, beyond what may be required to conduct the intrusions.
The research points to legacy Barix devices as part of the case examined, arguing that the online reachability of older technology remains a significant problem for critical infrastructure operators, particularly where protocols lack authentication and devices are exposed to the internet with weak or default credentials.
Claroty said the Barix technology referenced has been updated by the vendor, but noted that updates in many cyber-physical environments are manual and devices may continue to run vulnerable firmware. The report also argues that without full visibility into an operational environment, internet-facing devices can be more easily discovered and exploited, including by lower-skilled actors.
The research also places CyberAv3ngers within a broader set of activity targeting operational technology (OT) and connected IoT systems. Team82 highlighted the group’s reported development of a malware framework it calls IOCONTROL, which it said has been used against Linux-based SCADA and OT devices in civilian infrastructure, including devices such as routers, programmable logic controllers, human-machine interfaces and firewalls.
Separately, the email accompanying the report linked the findings to growing policy and intelligence attention on cyber-enabled threats to national resilience. It cited the head of ASIO, Mike Burgess, naming cyber warfare among Australia’s top national security threats in his 2026 annual threat assessment, and noted recent public claims by Iranian hackers relating to a cyberattack on US medtech company Stryker, which the email said put Australian hospitals on alert.

