Iranian Hackers Target US Critical Infrastructure via PLCs
By Dan Goodin

AI Summary
Iranian government-backed hackers are actively disrupting operations at several US critical infrastructure sites, likely as a retaliatory measure in the ongoing conflict with the US. This urgent warning comes from a coalition of US agencies, including the FBI and the Department of Energy, highlighting the targeting of programmable logic controllers (PLCs). These devices, crucial for automation in industrial settings like water treatment centers and oil refineries, are being compromised, leading to significant operational disruptions and financial losses.
Since March 2026, the Iranian-affiliated advanced persistent threat (APT) group has been identified as the culprit behind these disruptions. The PLCs affected are integral to various sectors, including Government Services, Waste Water Systems, and the Energy sector. The attack has primarily focused on PLCs manufactured by Rockwell Automation/Allen-Bradley, with a significant number of these devices exposed to the Internet, making them vulnerable to attacks. Security firm Censys reported that 75% of these exposed devices are located in the US, often in remote areas.
The hackers are using a single multi-homed Windows engineering workstation running the Rockwell toolchain to execute these attacks. This sophisticated approach underscores the critical need for enhanced cybersecurity measures to protect vital infrastructure from such threats.
Key Concepts
An advanced persistent threat (APT) is a prolonged and targeted cyberattack in which an intruder gains access to a network and remains undetected for an extended period. APTs are often orchestrated by state-sponsored groups aiming to steal data or disrupt operations.
Programmable logic controllers (PLCs) are industrial digital computers used to control manufacturing processes, such as assembly lines or robotic devices, or any activity that requires high reliability and ease of programming.
Category
Security
Original source
https://arstechnica.com/security/2026/04/iran-linked-hackers-disrupt-operations-at-us-critical-infrastructure-sites/
Summarized by Mente