Iran-Linked Hackers Wreak Havoc on US Critical Infrastructure, Government Warns

Iranian government-backed hackers have been disrupting programmable logic controllers (PLCs) across multiple US critical infrastructure sectors, causing operational chaos and financial damage. A coalition of six federal agencies urgently warns that these attacks target remote industrial systems vital to water, energy, and government services.

Iranian-affiliated hackers are escalating their cyberwarfare against the United States by targeting critical infrastructure systems, according to a joint advisory from six US government agencies. Since at least March 2026, this advanced persistent threat (APT) group has been compromising programmable logic controllers (PLCs) — small but crucial devices that bridge automation computers and physical machinery in factories, water treatment plants, oil refineries, and other essential facilities.

The FBI, Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Environmental Protection Agency (EPA), Department of Energy (DOE), and US Cyber Command issued a rare unified warning highlighting the severity of the threat. These PLCs, often located in remote and vulnerable sites, have been manipulated to disrupt operations, causing both functional breakdowns and financial losses across sectors vital to national security and public safety.

Among the targeted hardware are PLCs manufactured by Rockwell Automation/Allen-Bradley, a widely used brand in industrial automation. Security researchers at Censys revealed that over 5,200 of these devices are exposed to the internet, with 75 percent located within the United States. The attackers have been leveraging a single Windows engineering workstation running Rockwell’s toolchain to infiltrate and manipulate these devices, demonstrating a focused and sophisticated campaign.

This attack campaign comes amid ongoing geopolitical tensions between the US and Iran, signaling an alarming willingness by Tehran to weaponize cyber tools against civilian infrastructure. The targeting of water and energy systems raises the stakes far beyond espionage or data theft, threatening the basic functioning of communities and critical services.

The coordinated government alert underscores the urgent need for increased cybersecurity measures in industrial control systems, many of which remain vulnerable due to outdated protections and remote deployment. As Iran continues to escalate cyberattacks, the US must bolster defenses to prevent further disruption and potential catastrophic consequences.

This incident is a stark reminder that authoritarian regimes are not just undermining democracy at home but are actively seeking to destabilize democratic nations through covert cyber aggression. Holding these actors accountable requires transparency, vigilance, and a robust response that aligns with our commitment to national security and democratic integrity.
