xiand.ai
Apr 9, 2026 · Updated 08:03 AM UTC
Cybersecurity

Iranian Hackers Target U.S. Critical Infrastructure PLC Devices

Six U.S. government agencies have issued a joint warning stating that an Iranian-backed hacking group has successfully compromised and disrupted programmable logic controllers (PLCs) used in U.S. water treatment, energy, and government facilities.

Ryan Torres


On Tuesday, a coalition of six government agencies—including the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Department of Energy—issued a joint alert regarding a state-sponsored Iranian advanced persistent threat (APT) group conducting cyberattacks against U.S. critical infrastructure.

The group is primarily targeting programmable logic controllers (PLCs). These devices, often no larger than a toaster, are widely used in industrial settings such as factories, water treatment plants, and oil refineries. They serve as the critical interface between computer automation systems and physical machinery.

Industrial Control Systems at Risk of Disruption

According to the joint alert, "Since March 2026, relevant agencies have confirmed through victim organizations that an Iranian-linked APT group has interfered with the functionality of PLCs." These devices are deployed across several critical sectors, including government services, wastewater management, and the energy sector. Some victims have already reported industrial operational disruptions and direct financial losses.

Investigations reveal that the hackers specifically targeted and compromised Allen-Bradley series products manufactured by Rockwell Automation. Scanning results released Wednesday by cybersecurity firm Censys indicate that 5,219 such devices are currently exposed to the public internet, with 75% located within the United States, typically at remote industrial sites.

Authorities report that the hackers used a "single multi-homed Windows engineering workstation running the Rockwell toolchain" to breach the devices. This method of attack underscores the hackers' sophisticated, highly customized capabilities against industrial control systems.

This campaign is believed to be a retaliatory move by Iran following recent military tensions with the U.S. Officials are now urging industrial operators to immediately audit affected equipment and strengthen remote access controls to prevent further destructive attacks.
