An Iranian state-linked hacking group tied to the Islamic Revolutionary Guard Corps (IRGC) sabotaged industrial refrigeration systems at an Israeli food-processing facility, causing severe equipment failures and highlighting growing cyber risks facing operational technology networks, according to cybersecurity researchers.
The attack was detailed in a report by threat intelligence firm Profero, which described it as part of a broader covert cyber campaign known as the “War Between Wars,” involving sustained Iranian cyber operations against Israeli infrastructure and businesses.
According to the report, operators at the food-processing facility initially believed they were facing routine technical malfunctions after refrigeration units began overheating and storage temperatures rose unexpectedly. Engineers repeatedly replaced damaged compressors without realizing the failures were being deliberately triggered through unauthorized manipulation of industrial control systems.
Investigators later determined that attackers had gained access to the plant’s operational technology (OT) environment and altered refrigeration control parameters. By manipulating temperature thresholds, pressure settings, and compressor operating cycles, the hackers forced the equipment to function outside safe limits, eventually causing multiple compressor failures and disrupting production.
The attackers reportedly maintained access long enough to interfere with troubleshooting efforts. Plant personnel continued replacing damaged components while the malicious operating conditions remained active, causing additional failures and extending the disruption. Three industrial compressors were ultimately destroyed before the cyber intrusion was identified.
Researchers said the incident differed from conventional ransomware attacks because the primary objective appeared to be physical sabotage rather than financial extortion or data theft. The attackers exploited legitimate engineering functions inside industrial control systems, allowing them to manipulate real-world processes while avoiding immediate detection.
The Profero report also said investigators uncovered a destructive disk-wiping program disguised as a Microsoft software update elsewhere in the affected network. The malware was designed to erase systems and hinder recovery efforts, suggesting the operation combined industrial sabotage with broader network disruption.
The incident forms part of a wider pattern of cyber operations targeting critical infrastructure in the Middle East. U.S. agencies, including the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency, and the Department of Energy, warned earlier this year that Iranian-affiliated hackers were actively targeting internet-connected industrial control systems and programmable logic controllers across multiple sectors.
Cybersecurity researchers have increasingly linked IRGC-associated groups, including CyberAv3ngers, to attacks against water utilities, energy facilities and industrial operators. In several cases, attackers have been accused of manipulating control systems directly rather than relying solely on traditional malware or espionage techniques.
Security analysts say the food-plant attack illustrates a growing shift in cyber conflict, where digital intrusions increasingly produce physical consequences. Rather than merely stealing information or encrypting files, attackers are targeting industrial processes themselves, creating risks ranging from equipment destruction and production shutdowns to broader threats against critical infrastructure.
Tanmay Kadam is a geopolitical observer based in India. He has experience working as a Defence and International Affairs journalist for EurAsian Times. He can be contacted at tanmaykadam700@gmail.com.
