Iranian Hackers Target Over 5,200 US Industrial Devices
Cyber Threat Intelligence is highlighting a concerning campaign by Iranian government-backed attackers that has put over 5,200 internet-connected devices at risk. Researchers at Censys reported that a significant portion of these devices, nearly 3,900, are located within the United States and are particularly vulnerable. The targeted hardware includes programmable logic controllers (PLCs) from Rockwell Automation/Allen-Bradley, critical components in industrial control systems.
This offensive, which has already disrupted multiple sectors and caused financial losses for some victims, specifically targets operational technology (OT) deployed in the energy sector, water and wastewater systems, and U.S. government services and facilities. The findings by Censys were based on a joint alert issued by U.S. federal agencies, including the FBI, NSA, and CISA, which also provided indicators of compromise for threat hunting.
Federal authorities have been sounding the alarm about Iranian state actors exploiting these industrial automation devices. The sheer number of exposed PLCs underscores the persistent threat to critical infrastructure and the sophisticated methods employed by nation-state adversaries to gain access and cause disruption. This situation calls for immediate attention to securing OT environments.
What This Means For You
- Security teams responsible for OT environments must proactively hunt for Rockwell Automation/Allen-Bradley PLCs exposed to the internet and secure them, using the IOCs provided in the joint federal alert for threat hunting and network segmentation to mitigate the risk of Iranian state-sponsored attacks.