FBI Warns Iran-Linked Hackers Target U.S. Infrastructure as Trump Threatens Bombing Campaign

Trump's Threats Spark Infrastructure Vulnerability Warning

As President Donald Trump ratchets up threats to bomb Iranian power plants and bridges, federal security agencies warned Tuesday that Iran-linked hackers are already targeting the industrial control systems that run America's water treatment plants, electrical grids, and energy facilities.

The multi-agency cybersecurity advisory -- issued jointly by the FBI, Cybersecurity and Infrastructure Security Agency, National Security Agency, Environmental Protection Agency, Department of Energy, and U.S. Cyber Command -- reveals that Iranian-affiliated cyber actors are exploiting internet-connected devices that control critical industrial processes.

"Iran-affiliated cyber actors are targeting operational technology devices across U.S. critical infrastructure, including programmable logic controllers," the FBI Cyber Division wrote on X Tuesday, urging municipalities and energy sector operators to immediately review their systems for signs of compromise.

Escalating Attacks in Response to U.S. Hostilities

The agencies said Iranian targeting campaigns "have recently escalated, likely in response to hostilities between Iran, and the United States and Israel." Threat actors are using overseas-based IP addresses to access internet-enabled industrial computers with the intent to cause disruptions.

Specifically, hackers have been exploiting industrial control systems manufactured by Rockwell Automation and its subsidiary Allen-Bradley to extract project files and alter data displays -- the kind of manipulation that could allow attackers to shut down water treatment systems, manipulate energy grids, or cause other infrastructure failures.

The advisory recommends immediate action: disconnect vulnerable devices from public-facing internet systems, implement multifactor authentication, and add firewall protections to control access.

Russian Hackers Also Targeting Home Networks

The cybersecurity warnings extended beyond Iran. On Tuesday, Microsoft disclosed that a Russian military-linked threat actor known as Forest Blizzard has compromised over 5,000 consumer devices and impacted 200 organizations by hijacking home and small-office routers.

The group modifies router settings to turn everyday internet equipment into malicious infrastructure used for espionage and attacks supporting Russian government foreign policy objectives, according to Microsoft's security blog.

Threats Escalate Amid Trump's Ultimatum

The warnings come more than five weeks after the U.S. and Israel first bombed Iran and about two weeks after a pro-Iranian group claimed responsibility for hacking FBI Director Kash Patel's personal online account -- a breach that underscored the vulnerability of even high-level government officials to foreign cyber operations.

Hours after the infrastructure warnings, Trump issued an 8 p.m. EDT deadline for Iran to reopen the Strait of Hormuz or face destruction of its "whole civilization, never to be brought back again," he wrote on Truth Social early Tuesday.

United Nations Ambassador Amir-Saeid Iravani responded that Iran will "take immediate and proportionate reciprocal measures" if Trump follows through on his threats.

Why This Matters

The convergence of Trump's escalating military threats and confirmed Iranian cyber operations against U.S. critical infrastructure creates a dangerous feedback loop. As the administration threatens to bomb civilian infrastructure in Iran, Iranian-affiliated hackers are positioning themselves to retaliate against American water systems, power grids, and energy facilities.

Unlike conventional military strikes, cyberattacks on industrial control systems can be launched instantly, with potentially catastrophic consequences for American communities. A successful attack on water treatment facilities could contaminate drinking water for thousands. Manipulation of electrical grid controls could cause widespread blackouts.

The agencies' urgent advisory makes clear that the threat is not hypothetical -- Iranian actors are already inside these systems, extracting files and altering displays. The question is whether Trump's threats will trigger them to move from reconnaissance to attack.

For municipalities and critical infrastructure operators, the message is clear: disconnect vulnerable systems from the internet immediately. For the rest of us, the warning is equally stark: Trump's reckless saber-rattling is inviting retaliation that could hit American communities directly.