
Half a dozen government agencies are warning that hackers working on behalf of the Iranian government are disrupting operations at several U.S. critical infrastructure sites, possibly in response to the country’s ongoing war with the United States.
In an advisory published Tuesday, the FBI, Cybersecurity and Infrastructure Security Agency, National Security Agency, Environmental Protection Agency, Department of Energy and U.S. Cyber Command warned “urgently” that the APT, or Advanced Persistent Threat Group, is targeting PLCs, short for Programmable Logic Controllers. These devices, typically the size of a toaster, are placed in factories, water treatment centers, oil refineries and other industrial settings, often in remote locations. They provide an interface between computers and physical machinery used for automation.
Operational disruption and financial loss
“From at least March 2026, author agencies identified (through engagement with victim organizations) an Iranian-affiliated APT-group that disrupted the functioning of the PLC,” the advisory said. “These PLCs were deployed as part of a variety of industrial automation processes in many US critical infrastructure sectors (including government services and facilities, wastewater systems (WWS), and energy sectors). Some victims experienced operational disruption and financial losses.”
PLCs that are being compromised or targeted include those made by Rockwell Automation/Allen-Bradley. Security firm Sensis said on Wednesday that an internet scan it conducted identified 5,219 such devices exposed to the internet. Fully 75 percent of them were located in the US, possibly in the remote locations where such equipment is installed. The infrastructure being used to target the devices is “a single multi-homed Windows engineering workstation running the Rockwell tool series”.