MAGNET S2 WEEKLY SNAPSHOT – 260419-1800Z
United States – 7 Day OSINT Overview
Reporting Period: 12–18 April 2026

MAGCON STATUS

MAGCON LEVEL 3 – ELEVATED

Credible threat reporting continues across cyber and lone-actor domains. No confirmed coordinated nationwide attack activity.

TREND VS LAST WEEK: STABLE

PRIMARY RISK DRIVERS

• Iran-linked cyber operations targeting U.S. infrastructure
• persistent foreign threat environment tied to Iran conflict
• continued ISIS-inspired and lone-actor attack plotting

DELTA SUMMARY

• sustained federal warnings on Iranian cyber targeting of U.S. infrastructure
• continued public reporting of Iran-linked threat posture toward U.S.-based targets
• additional confirmation of disrupted ISIS-inspired plots tied to New York targets

SECTOR THREAT LEVELS

Terrorism / Extremism: ELEVATED
Cyber Activity: ELEVATED
Critical Infrastructure: ELEVATED
Civil Unrest: ROUTINE
Transportation Systems: ROUTINE
Supply Chain: HEIGHTENED

GLOBAL CHOKEPOINT WATCH

Strait of Hormuz: ELEVATED
Bab el-Mandeb / Red Sea: ELEVATED
Panama Canal: ROUTINE

KEY INCIDENTS

United States – Iran-Linked Cyber Targeting
U.S. agencies warned that Iranian-affiliated cyber actors are actively targeting critical infrastructure sectors including water, wastewater, energy, and government systems. Activity includes exploitation of internet-facing PLC and SCADA systems, with some incidents causing operational disruption and financial impact.

United States – FBI Iran Threat Reporting
Federal intelligence reporting indicates Iran continues to pose a persistent threat to U.S. military personnel, government facilities, Jewish and Israeli institutions, and Iranian dissidents within the United States. No broad public threat identified.

United States – ISIS-Inspired Plot Activity
Recent FBI and DOJ releases confirm continued disruption of ISIS-inspired plots targeting Jewish locations in New York, including attempted attacks involving explosives and planned mass-casualty events.

CYBER / INFRASTRUCTURE

Industrial Control System Targeting
Iran-linked actors are actively scanning and exploiting exposed industrial control systems, particularly PLC devices used in municipal and utility environments.

Disruption-Oriented Activity
Cyber operations are assessed as capable of causing localized service disruption rather than nationwide system failure, with observed impacts including manipulation of system interfaces and data extraction.

EMERGING INDICATORS

• increased scanning of internet-facing infrastructure systems
• phishing and credential harvesting linked to nation-state actors
• continued targeting interest in Jewish and symbolic locations
• overlap between geopolitical escalation and domestic threat posture

VERIFIED STATUS

No confirmed coordinated terrorist campaign in the United States.
No confirmed nationwide critical infrastructure failure.

OPERATOR GUIDANCE

• report phishing, credential abuse, and suspicious MFA activity
• review exposure of internet-facing systems and remote access points
• maintain awareness at religious, government, and symbolic locations
• monitor for suspicious activity tied to public events or facilities
• avoid amplifying unverified threat reporting

Submit reporting through MAGNET channels.

To Learn More About MAGNET, Visit www.MAGNETHF.COM