Iran-Linked Hackers Target US Energy, Water Systems

U.S. federal agencies have issued a stern warning regarding a surge in disruptive cyberattacks orchestrated by Iran-affiliated advanced persistent threat (APT) actors. These campaigns are specifically targeting internet-facing operational technology (OT) devices, including Programmable Logic Controllers (PLCs) from manufacturers like Rockwell Automation/Allen-Bradley. According to the joint alert, these attackers are exploiting vulnerabilities to manipulate industrial control systems, leading to disruptions in critical U.S. energy and water infrastructure. The activity involves malicious interactions with project files and manipulation of data displayed on Human Machine Interfaces (HMIs) and Supervisory Control and Data Acquisition (SCADA) systems.

The alert notes that these disruptive attacks have already impacted victims within the last month, coinciding with escalating U.S.-Israel strikes against Iran. This isn’t the first time Iranian hackers have been linked to such sophisticated attacks on U.S. critical infrastructure, but the coordinated warning from multiple agencies underscores the heightened threat level and the specific focus on OT environments. The agencies involved include the FBI, NSA, CISA, EPA, Department of Energy, and Cyber Command, highlighting the broad national security implications of these cyber operations.

What This Means For You

  • Security teams responsible for critical infrastructure must prioritize hardening internet-facing OT assets, specifically focusing on PLC, HMI, and SCADA systems. This includes implementing robust network segmentation, strict access controls, and continuous monitoring for anomalous activity or unauthorized modifications to system configurations and project files.