- US agencies warn of active Iranian cyberattacks on critical infrastructure
- Industrial control systems like PLCs are being directly targeted
- Some incidents have already caused disruption and financial losses
- Attacks may be linked to ongoing geopolitical tensions
A fresh joint advisory from leading US security agencies has raised concerns about a wave of cyberattacks linked to Iranian actors targeting critical infrastructure across the country. Authorities say the activity is not theoretical or exploratory. It is already causing real disruptions, with some organizations reporting operational impact and financial losses.
The warning comes from a coalition of federal bodies responsible for national security and cybersecurity. Their message is clear. Threat actors are actively probing and exploiting weaknesses in operational technology systems that underpin essential services.
According to the advisory, the attackers are focusing on internet-exposed industrial control systems. These systems are widely used across sectors such as energy, water management, and government services. Because they are often connected to both physical processes and digital networks, they present a high-value target for anyone looking to cause disruption.
Industrial control systems under direct attack
At the center of the campaign are programmable logic controllers, particularly those manufactured by Rockwell Automation under the Allen-Bradley line. These devices are commonly used to automate industrial processes, from water treatment to electricity distribution.
Security experts say the attackers are not just attempting access. They are interacting with system configurations and manipulating how data is displayed to operators. This includes altering human-machine interface (HMI) views and supervisory control systems.
Such interference can create confusion for operators, delay response times, and in some cases lead to incorrect decisions that affect physical infrastructure. Even small changes in displayed data can have outsized consequences when systems are running continuously.
The advisory notes that multiple sectors have already felt the effects. These include local government services, water and wastewater systems, and parts of the energy sector. While specific organizations were not named, officials confirmed that disruptions have occurred and that some incidents led to financial damage.
Possible link to broader geopolitical tensions
The timing of the attacks has drawn attention. Officials believe the campaign began in March 2026 and may be connected to escalating tensions involving Iran.
Recent military actions targeting Iranian infrastructure, including industrial and transportation systems, may have triggered a cyber response. While attribution in cyberspace is always complex, the tactics and patterns observed align with previously documented activity from Iranian-affiliated groups.
One group mentioned in the advisory is CyberAv3ngers, also known as the Shahid Kaveh Group. It has been linked in past reports to Iran’s Islamic Revolutionary Guard Corps cyber operations. However, agencies stopped short of formally attributing the current campaign to any single actor.
There are also emerging reports of incidents that could be connected. A ransomware attack on a water treatment facility in North Dakota has been highlighted as a possible example, though no official link has been confirmed.
A growing risk to essential services
The latest advisory underscores a broader concern within the cybersecurity community. Critical infrastructure is increasingly exposed to cyber threats, especially as more systems become connected to the internet for monitoring and efficiency.
Operational technology environments were not originally designed with modern cybersecurity threats in mind. Many systems rely on legacy software, weak authentication, or limited network segmentation. This makes them particularly vulnerable when exposed online.
US agencies are urging organizations to take immediate steps to secure their systems. This includes isolating critical devices from the public internet, applying security patches, monitoring for unusual activity, and strengthening access controls.
The warning is not just for large utilities or federal systems. Smaller municipalities and regional operators are equally at risk, especially if they lack dedicated cybersecurity resources.
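The two steps above that operators can check immediately, keeping controllers off the public internet and monitoring for unusual access, can be turned into a simple log review. The following is an added example, not code from the advisory or from any agency: it scans constructed firewall log lines for allowed connections to controller ports that come either from outside the internal address range or from an internal subnet that is not the engineering network. The port numbers (EtherNet/IP on 44818 and 2222, used by Allen-Bradley controllers, and Modbus/TCP on 502), the log format, and the engineering subnet are assumptions for the example.

```python
import ipaddress
from dataclasses import dataclass

# Controller/OT service ports (assumed from general ICS knowledge, not from the
# advisory): EtherNet/IP (CIP) used by Allen-Bradley PLCs on TCP 44818 and
# UDP 2222, and Modbus/TCP on 502.
OT_PORTS = {44818: "EtherNet/IP CIP", 2222: "EtherNet/IP I/O", 502: "Modbus/TCP"}

# RFC 1918 space; any source outside it is treated as "internet" here.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

@dataclass
class Finding:
    src: str
    dst: str
    port: int
    reason: str

def parse_line(line):
    """Parse a constructed 'key=value' firewall line into a dict."""
    fields = dict(tok.split("=", 1) for tok in line.split() if "=" in tok)
    fields["dport"] = int(fields["dport"])
    return fields

def scan(lines, engineering_nets):
    """Flag allowed connections to controller ports that break segmentation.

    engineering_nets: subnets permitted to talk to PLCs/HMIs (assumed policy).
    """
    allowed = [ipaddress.ip_network(n) for n in engineering_nets]
    findings = []
    for line in lines:
        f = parse_line(line)
        if f["dport"] not in OT_PORTS or f.get("action") != "allow":
            continue  # only allowed traffic to controller ports matters here
        src = ipaddress.ip_address(f["src"])
        svc = OT_PORTS[f["dport"]]
        if not any(src in n for n in INTERNAL_NETS):
            findings.append(Finding(f["src"], f["dst"], f["dport"],
                            f"{svc} reachable from outside the internal range"))
        elif not any(src in n for n in allowed):
            findings.append(Finding(f["src"], f["dst"], f["dport"],
                            f"{svc} reached from a non-engineering subnet"))
    return findings

SAMPLE_LOGS = [  # constructed sample firewall lines, not real traffic
    "2026-03-14T02:11:07Z src=203.0.113.7 dst=10.20.5.31 dport=44818 action=allow",
    "2026-03-14T02:12:40Z src=10.50.1.12 dst=10.20.5.31 dport=502 action=allow",
    "2026-03-14T02:13:02Z src=10.20.1.5 dst=10.20.5.31 dport=44818 action=allow",
    "2026-03-14T02:14:19Z src=198.51.100.9 dst=10.20.5.31 dport=44818 action=deny",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOGS, ["10.20.1.0/24"]):
        print(hit)
```

On the sample lines it reports the external source that reached the controller port and the corporate host that reached Modbus, while the engineering workstation and the blocked external attempt produce no finding.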
