Iran-linked hackers have disrupted operations at U.S. critical infrastructure sites, including oil, gas, and water facilities, by exploiting vulnerabilities in industrial control systems. The FBI, along with the Cybersecurity and Infrastructure Security Agency (CISA), Environmental Protection Agency (EPA), National Security Agency (NSA), and others, issued a joint advisory warning of ongoing attacks that have caused operational disruptions and financial losses.[1][2]
According to the advisory, the hackers targeted programmable logic controllers (PLCs)—devices that automate industrial processes like those in energy and water systems—specifically models from Rockwell Automation/Allen-Bradley. Attackers manipulated project files, tampered with sensors, wiped configurations, and disrupted human-machine interfaces (HMIs) and supervisory control and data acquisition (SCADA) displays, leading to data manipulation and downtime.[1][2] Ars Technica reported that these incidents coincide with escalating tensions in the U.S.-Israel conflict with Iran, where cyberattacks on U.S. industrial sites have intensified.[Source 1]
The FBI's alert, referenced in a Slashdot report citing The Hill, emphasized risks to similar companies nationwide, urging defenses against attempts to seize control of PLC systems. Even amid a recent two-week ceasefire between Iran, the U.S., and Israel, Tehran-backed hackers have vowed to continue retaliatory strikes.[Source 2] This follows patterns seen in prior attacks, such as those on Unitronics PLCs by Iran-linked CyberAv3ngers during the 2023-2024 Gaza war, which compromised dozens of U.S. water utilities.[2]
Water and wastewater systems, vital for providing clean drinking water to communities, hospitals, and businesses, are an attractive target for disruption and face heightened threats. EPA Assistant Administrator for Water Jess Kramer stressed the need for cybersecurity best practices to protect these lifelines, while FBI Assistant Director Brett Leatherman highlighted efforts to counter the actors and prevent further losses under the U.S. Cyber Strategy.[1] Energy sectors like oil and gas, along with municipal sites, report similar exploitation of internet-facing devices.[2]
Agencies recommend immediate steps: enabling multifactor authentication, removing devices from public internet exposure, reviewing logs for suspicious activity, and setting Rockwell PLCs to "run" mode via physical switches.[1][2] The advisory builds on broader concerns, including a March attack on medical firm Stryker, where hackers disrupted manufacturing and shipping after breaching its Microsoft Intune setup—another example of Iran-linked actors hitting U.S. targets since late February.[2]
These incidents underscore vulnerabilities in operational technology across critical sectors, potentially affecting public safety, economic stability, and national security. Organizations are racing to patch flaws and bolster defenses, but the persistence of threats despite diplomatic pauses signals prolonged risks. Federal partners continue monitoring and sharing intelligence to mitigate impacts and impose costs on the perpetrators.[1][2]