Iranian Hackers Target US Critical Infrastructure

Summary
– Iranian state-backed hackers are disrupting US critical infrastructure, likely due to the ongoing conflict between the two countries.
– The hackers are specifically targeting programmable logic controllers (PLCs), which are key devices in industrial settings like water plants and energy facilities.
– Multiple US agencies issued an urgent warning, noting these attacks have caused operational disruption and financial losses since at least March 2026.
– A significant number of the targeted Rockwell Automation PLCs are exposed online, with most located within the United States.
– The attacks are being carried out using a compromised engineering workstation that runs the specific software needed to control these industrial devices.

A coordinated warning from multiple federal agencies reveals that state-sponsored hackers linked to Iran are actively targeting and disrupting vital American infrastructure. This campaign, which began earlier this year, is believed to be a direct response to the ongoing geopolitical conflict between the two nations. The advisory urgently highlights that an Iranian advanced persistent threat group is focusing its attacks on a specific type of industrial hardware.
The hackers are compromising programmable logic controllers, or PLCs, which are essential components in factories, water treatment facilities, and energy plants. These compact devices act as a critical bridge between digital control systems and physical machinery. By targeting them, the attackers can directly interfere with industrial operations.
Federal investigators confirmed that since at least March of this year, this Iranian-affiliated group has successfully disrupted PLC functions across several US critical infrastructure sectors. The impacted areas include government services, public water systems, and the energy sector. The advisory notes that some victim organizations have already suffered significant operational disruption and financial loss as a direct result of these intrusions.
A primary focus of the campaign involves PLCs manufactured by Rockwell Automation. A recent internet scan by security researchers identified thousands of these specific devices exposed online, with the vast majority located within the United States. The attackers are reportedly using a compromised Windows engineering workstation running Rockwell software as their launchpad for these breaches, often targeting equipment in remote industrial locations.
(Source: Ars Technica)
