Iran-linked hackers disrupt operations at US critical infrastructure sites

Ars Technica nation

Key Points:

  • Multiple U.S. government agencies, including the FBI and NSA, have issued an urgent advisory warning that Iranian government-backed hackers are disrupting operations at critical U.S. infrastructure sites by targeting programmable logic controllers (PLCs) used in industrial automation.
  • Since March 2026, these hackers have compromised PLCs across sectors such as government services, wastewater systems, and energy, causing operational disruptions and financial losses; devices from Rockwell Automation/Allen-Bradley are among the primary targets.
  • The attackers use legitimate vendor software to access internet-exposed PLCs without zero-day exploits, leveraging a Windows engineering workstation and Remote Desktop Protocol over a non-standard port to manipulate industrial control systems.
  • This activity follows a pattern of Iranian cyber operations against U.S. infrastructure, including previous attacks by groups like CyberAv3ngers and Handala, with recent incidents coinciding with heightened geopolitical tensions and military actions involving Iran.
  • The advisories include technical details and mitigation guidance, emphasizing that cyberattacks on critical infrastructure are expected to increase as the conflict with Iran continues.
