Iranian Hackers Hit U.S. Energy and Water Systems as Trump Threatens "Whole Civilization Will Die"

Iranian government-linked hackers are actively exploiting critical U.S. energy and water infrastructure, causing operational disruptions and financial losses, according to a joint federal advisory. The attacks escalated after U.S. and Israeli airstrikes against Iran began, with hackers targeting industrial control systems that could potentially shut down utilities serving American communities.


Infrastructure Under Attack

Iranian-affiliated hackers are actively targeting computers that control U.S. energy and water utilities, federal agencies warned in a joint advisory issued this week. The attacks have already caused operational disruptions and financial losses, though agencies have not disclosed which specific utility companies were affected or whether Americans lost access to water or power.

The advisory -- issued by the Cybersecurity and Infrastructure Security Agency (CISA), FBI, and National Security Agency (NSA) -- confirms that the hacking campaign began last month after the U.S. and Israel launched airstrikes against Iran.

"The authoring agencies assess a group of Iranian-affiliated advanced persistent threat (APT) actors is conducting this activity to cause disruptive effects within the United States," the advisory states. Targets span multiple critical infrastructure sectors, including government facilities, water and wastewater systems, and energy providers.

Industrial Control Systems Compromised

The hackers specifically targeted programmable logic controllers (PLCs) -- specialized computers that control machinery in industrial settings like water treatment plants and power stations. According to the advisory, attackers altered information on displays connected to PLCs manufactured by Milwaukee-based Rockwell Automation and maliciously targeted project files that dictate how these devices operate.

In some cases, sources told CNN, the hackers attempted to deploy destructive malware designed to wipe data from victim computers. It remains unclear whether any such attacks succeeded.

The potential consequences of these attacks range from temporary system downtime to serious damage to critical equipment. In a worst-case scenario, successful attacks on water or energy infrastructure could leave communities without essential services.

CyberAv3ngers Returns

While the advisory does not name a specific hacker group, it notes the attacks share hallmarks of CyberAv3ngers, an Iranian-linked group believed to work for the Iranian Revolutionary Guard Corps. CyberAv3ngers previously disrupted water utilities in the U.S. and Israel in late 2023.

The advisory recommends organizations temporarily disconnect their PLCs from the public internet and implement other cybersecurity measures to protect against ongoing attacks.

Trump's Threats and the Ceasefire

Federal agencies issued the warning just hours after President Donald Trump threatened "devastating attacks" on Iran, declaring that "a whole civilization will die." Trump announced Tuesday evening that the U.S. and Iran had agreed to a temporary ceasefire, though it remains unclear what effect, if any, this will have on Iran's hacking campaigns.

The timing raises questions about whether the infrastructure attacks are part of Iran's broader retaliation strategy or whether they will continue despite diplomatic negotiations.

Broader Pattern of Iranian Cyberattacks

Iranian-linked hackers have ramped up attacks against U.S. and Israeli targets since the war began on February 28. The hacker group Handala carried out a crippling cyberattack last month against U.S.-based medical equipment manufacturer Stryker. Handala has also breached email accounts of numerous political analysts in Israel.

In a particularly brazen move, Handala successfully breached the email account of FBI Director Kash Patel -- the very official whose agency is now warning Americans about Iranian cyber threats. The breach underscores how Iranian hackers are targeting not just infrastructure but also high-level government officials responsible for national security.

What This Means

These attacks represent a dangerous escalation in cyber warfare targeting American civilians. Unlike traditional espionage operations that steal information, attacks on industrial control systems can cause physical damage and disrupt essential services that communities depend on for survival.

The federal government's advisory makes clear that Iranian hackers are not just probing for vulnerabilities -- they are actively exploiting them to cause "disruptive effects" inside the United States. With a temporary ceasefire in place but no clear resolution to the underlying conflict, Americans should expect these attacks to continue.
