Iranian Hackers Target US Infrastructure as Trump Threatens "Whole Civilisation Will Die"

Iranian hackers are actively infiltrating critical infrastructure across the United States, targeting the systems that control water treatment plants, energy facilities, and government operations, according to a joint advisory issued Tuesday by the FBI, NSA, and multiple federal agencies.

The attacks are not theoretical. In several documented cases, the intrusions have already caused operational disruptions and financial losses at unnamed facilities. Hackers have manipulated data displays, extracted sensitive project files, and gained access to the industrial control systems that manage essential services Americans depend on daily.

The targets are alarmingly specific: programmable logic controllers and supervisory control and data acquisition displays, the specialized equipment used to monitor and control infrastructure operations. These are the systems that regulate water pressure, manage power distribution, and oversee facility operations. When compromised, they can cause cascading failures across entire sectors.

The advisory, jointly issued by the FBI, National Security Agency, Cybersecurity and Infrastructure Security Agency, Environmental Protection Agency, Department of Energy, and US Cyber Command, states that Iranian actors are seeking to cause "disruptive effects within the United States." The hacking campaigns have targeted organizations in government services, water and wastewater systems, and energy sectors.

The escalation comes amid a dangerous cycle of threats and retaliation. President Trump warned that "a whole civilisation will die tonight" if Iran fails to make a deal with the US, while Iran has promised to attack additional infrastructure targets across Gulf nations. The hackers appear to be responding directly to US-Israel attacks on Iran, according to the federal advisory.

This is not Iran's first digital incursion into sensitive American systems. Last month, hackers claiming Iranian affiliation breached FBI Director Kash Patel's personal email account, posting photos and documents stolen from his inbox. The timing was particularly embarrassing for an administration that has made "law and order" a central theme while its top law enforcement official's communications were compromised.

Another hacking group carried out a cyberattack on a major US medical device company, claiming the operation was retaliation for a missile strike on an elementary school in Iran. The attack interfered with the company's operations, potentially affecting medical care delivery.

The federal advisory reveals that in some intrusions, hackers have actively manipulated data files to alter what operators see on their displays, a tactic that could mask dangerous conditions or create false alarms that waste resources and erode trust in monitoring systems. They have also extracted device project data, potentially giving them blueprints for future, more damaging attacks.

What makes these attacks particularly concerning is their focus on publicly exposed systems. Many critical infrastructure operators have left industrial control systems accessible via the internet, often with weak authentication or outdated security protocols. Iranian hackers are systematically identifying and exploiting these vulnerabilities.

The involvement of six separate federal agencies in issuing the advisory underscores the severity of the threat. When the FBI, NSA, CISA, EPA, DOE, and Cyber Command coordinate a public warning, it signals that the threat has moved beyond theoretical concern to active, ongoing operations that pose real risks to public safety and national security.

The advisory does not name specific targeted organizations, likely to avoid further exposing victims or revealing investigative methods. But the breadth of sectors mentioned suggests the campaign is widespread and coordinated, not isolated opportunistic attacks.

As Trump escalates his rhetoric toward Iran with threats of civilizational annihilation, the reality is that Iranian actors are already inside American systems, probing for weaknesses and demonstrating their capability to disrupt essential services. The question is not whether they can cause damage, but whether they will choose to activate the access they have already gained.

For critical infrastructure operators, the message is clear: if your industrial control systems are accessible from the internet, assume they have been compromised or soon will be. The hackers are not coming. They are already here.