
US warns of Iranian hackers targeting critical infrastructure

Why This Matters

The US government has issued a warning about Iranian-linked hackers targeting critical infrastructure through Internet-exposed PLCs, with recent campaigns causing operational disruptions and data manipulation. This highlights the increasing cyber threats facing essential sectors like energy, water, and government services, emphasizing the need for enhanced cybersecurity measures. Protecting these systems is crucial to maintaining national security and public safety in an era of escalating cyber warfare.

Key Takeaways

Iranian-linked hackers are targeting Internet-exposed Rockwell/Allen-Bradley programmable logic controllers (PLCs) on the networks of U.S. critical infrastructure organizations.

The warning came earlier today in the form of a joint advisory authored by the FBI, CISA, NSA, the Environmental Protection Agency (EPA), Department of Energy (DOE), and the United States Cyber Command – Cyber National Mission Force (CNMF).

The authoring agencies said that these ongoing attacks have targeted organizations across multiple U.S. critical infrastructure sectors (including Government Services and Facilities, Water and Wastewater Systems, and Energy), and have resulted in financial losses and operational disruptions since March 2026.

"The FBI assesses a group of Iranian-affiliated APT actors are targeting internet-exposed PLCs with the intent to cause disruptions—including maliciously interacting with project files, and manipulating data displayed on HMI and SCADA displays—to U.S. critical infrastructure organizations," the advisory warns.

"Iranian-affiliated APT targeting campaigns against U.S. organizations have recently escalated, likely in response to hostilities between Iran, and the United States and Israel."

"The FBI identified that this activity resulted in the extraction of the device's project file and data manipulation on HMI and SCADA displays," the U.S. agencies added.

A similar advisory issued in November 2023 warned that the CyberAv3ngers threat group, affiliated with the Iranian Government Islamic Revolutionary Guard Corps (IRGC), had been exploiting vulnerabilities in U.S.-based Unitronics operational technology (OT) systems.

Between November 2023 and January 2024, CyberAv3ngers compromised at least 75 Unitronics PLC devices across multiple waves of attacks, half of them on Water and Wastewater Systems (WWS) networks.

To defend against such attacks, network defenders are advised to disconnect PLCs from the Internet or place them behind a firewall, scan logs for the indicators of compromise shared in today's joint advisory, and check for suspicious traffic on OT ports (especially traffic originating from overseas hosting providers).

They should also require multifactor authentication (MFA) for access to the OT network, keep PLC firmware up to date, disable all unused services and authentication methods (including default authentication keys), and monitor network traffic for suspicious activity.
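The "check for suspicious traffic on OT ports" advice above is easy to state and easy to get wrong in practice, because east-west OT traffic on the same ports is normal. The script below is an added example (not from the advisory or the article) that walks perimeter firewall log lines and flags only connections to PLC service ports whose source is outside the organisation's own address space. The log format is constructed for the example; the port numbers are the well-known defaults for EtherNet/IP (used by Rockwell/Allen-Bradley controllers), Unitronics PCOM and Modbus/TCP, not ports taken from the advisory, and the RFC 1918 "trusted" ranges stand in for whatever allowlist a real site maintains.

```python
"""Flag external sources talking to PLC service ports in firewall logs.

Example code, not part of the joint advisory or of any vendor tooling.
Assumptions (label them if you adapt this): the log is one 'key=value'
record per line, internal space is RFC 1918, and the OT port list below
is the set of services your PLCs actually expose.
"""
import ipaddress
from typing import Iterable, Optional, Union

# Well-known default ports for common PLC protocols (assumption: adjust to
# the protocols actually in use on your OT network).
OT_PORTS = {
    44818: "EtherNet/IP explicit messaging (CIP, Rockwell/Allen-Bradley)",
    2222: "EtherNet/IP implicit I/O (CIP)",
    20256: "Unitronics PCOM",
    502: "Modbus/TCP",
}

# Address space considered internal. A real deployment would use the
# site's own allowlist (engineering workstations, jump hosts), not all of RFC 1918.
TRUSTED_NETS = tuple(
    ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
)

# Constructed sample log lines for the example (TEST-NET addresses, not real hosts).
SAMPLE_LOG = [
    "ts=2026-03-12T04:11:09Z action=allow src=203.0.113.45 dst=10.20.30.40 proto=tcp sport=51234 dport=44818",
    "ts=2026-03-12T04:11:10Z action=allow src=10.20.30.5 dst=10.20.30.40 proto=tcp sport=49152 dport=44818",
    "ts=2026-03-12T04:12:41Z action=deny src=198.51.100.7 dst=10.20.30.41 proto=tcp sport=60001 dport=20256",
    "ts=2026-03-12T04:13:02Z action=allow src=203.0.113.45 dst=10.20.30.40 proto=tcp sport=51240 dport=443",
    "# rotated log header line that carries no fields",
]


def parse_line(line: str) -> Optional[dict]:
    """Parse one key=value log line; return None if required fields are missing."""
    fields = {}
    for token in line.split():
        if "=" in token:
            key, _, value = token.partition("=")
            fields[key] = value
    try:
        return {
            "src": ipaddress.ip_address(fields["src"]),
            "dst": ipaddress.ip_address(fields["dst"]),
            "dport": int(fields["dport"]),
            # Treat a missing action as 'allow': better a false positive than a missed exposure.
            "action": fields.get("action", "allow"),
        }
    except (KeyError, ValueError):
        return None


def is_trusted(ip: Union[str, ipaddress.IPv4Address, ipaddress.IPv6Address]) -> bool:
    """True if the address falls inside one of the trusted (internal) networks."""
    addr = ipaddress.ip_address(ip) if isinstance(ip, str) else ip
    return any(addr in net for net in TRUSTED_NETS)


def find_ot_exposure(lines: Iterable[str]) -> list:
    """Return one finding per log record where an untrusted source reached an OT port.

    Allowed connections are 'high' (the PLC is reachable from outside);
    denied ones are 'info' (someone is probing, which the firewall stopped).
    """
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["dport"] not in OT_PORTS:
            continue
        if is_trusted(rec["src"]):
            continue  # normal east-west OT traffic; baseline it separately
        findings.append({
            "src": str(rec["src"]),
            "dst": str(rec["dst"]),
            "dport": rec["dport"],
            "service": OT_PORTS[rec["dport"]],
            "severity": "high" if rec["action"] == "allow" else "info",
        })
    return findings


if __name__ == "__main__":
    for f in find_ot_exposure(SAMPLE_LOG):
        print(f"[{f['severity']}] {f['src']} -> {f['dst']}:{f['dport']} ({f['service']})")
```

On the sample log this reports the allowed external connection to port 44818 as high and the denied probe of port 20256 as info, while the internal engineering-workstation traffic and the external HTTPS connection are ignored. Enriching each finding's source address with ASN or GeoIP data is the natural next step for the advisory's "overseas hosting providers" heuristic, and any "high" hit is also the list of PLCs that should be moved behind the firewall first.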
