Hackers tied to Iran’s government disrupted operations at several U.S. critical infrastructure sites, according to warnings from the FBI, CISA, NSA, EPA, DOE, and U.S. Cyber Command.
The agencies warned of an Iranian-affiliated advanced persistent threat (APT) group targeting programmable logic controllers, or PLCs, the devices that bridge automation software with physical equipment in settings such as factories, water treatment plants, oil refineries, and other industrial environments.
The advisory noted that the PLCs targeted were deployed across multiple sectors, including Government Services and Facilities, Waste Water Systems, and Energy, with some victims reporting operational disruption and financial losses.
Security firm Censys reported that 5,219 Rockwell Automation/Allen-Bradley PLCs were exposed to the Internet, about 75 percent of which were located in the United States. The researchers described the attackers’ workflow as using a single multi-homed Windows engineering workstation running the Rockwell toolchain.
Experts warn that the incidents underscore growing cybersecurity risks to critical infrastructure amid heightened geopolitical tensions. Agencies urged organizations to lock down PLCs, restrict remote access, and review vendor software to mitigate exposure and prevent further disruption.