Iran-Linked Hackers Target US Critical Infrastructure Amid Escalating Conflict
US authorities have issued an urgent warning over a wave of cyberattacks linked to Iranian state-backed hackers, saying multiple critical infrastructure sites across the United States have already experienced disruption and financial losses.
According to a joint advisory from a range of federal agencies, the attacks have targeted programmable logic controllers, or PLCs, which are widely used to automate industrial processes in sectors such as energy, wastewater, government services and large-scale facilities. These devices play a crucial role in connecting digital control systems to physical machinery in factories, treatment plants and refineries.
Officials say the campaign has been active since at least March 2026, with victims reporting that the hackers interfered with the operation of PLCs deployed across several key sectors. In some cases, the impact has extended beyond cyber intrusion to real-world operational disruption and direct financial damage.
Particular concern has centred on internet-exposed Rockwell Automation and Allen-Bradley devices. Security researchers identified thousands of these controllers visible online, with the majority believed to be located in the United States. The attackers are reportedly using legitimate industrial software tools to gain direct access, allowing them to interact with project files and manipulate human-machine interface and SCADA display data without needing to rely on zero-day exploits.
Researchers say confirmed targets include CompactLogix and Micro850 device families. The attack infrastructure is said to involve a Windows engineering workstation running Rockwell software, with connections established through Remote Desktop Protocol over a non-standard port. Other industrial protocols are also reportedly being probed, suggesting the campaign may extend to PLCs made by additional manufacturers.
The warning comes amid rising tensions tied to the expanding conflict involving the United States, Israel and Iran. Officials and researchers believe the cyber campaign is likely part of a broader response by Iranian-aligned actors, who have previously targeted US industrial systems.
This is not the first time Iranian-linked groups have been accused of attacking critical infrastructure. In 2023, a group known as CyberAv3ngers disrupted PLCs and human-machine interfaces across multiple US sectors. More recently, other pro-Iran actors have also been linked to disruptive cyber activity, including attacks on major companies and government-related targets.
Authorities have released technical indicators, including IP addresses associated with the activity, as well as guidance for organisations to better secure exposed industrial systems. With the geopolitical situation continuing to intensify, officials are warning that cyberattacks on critical infrastructure may escalate further in the months ahead.
