Iranian-affiliated APT actors have escalated cyberattacks targeting US critical infrastructure, specifically internet-exposed Rockwell Automation/Allen-Bradley PLCs used in water treatment, energy, and other industrial facilities. The FBI, CISA, NSA, and other agencies issued a joint alert warning that attackers are manipulating project files and HMI/SCADA displays, causing operational disruptions and financial losses. The campaign has been ongoing since March and mirrors tactics used in prior attacks, including the 2023 CyberAv3ngers intrusions that exploited default PLC passwords. Security experts note Iran is accelerating both IT and OT targeting. Recommended mitigations include patching, enabling MFA, disconnecting OT devices from the internet, and monitoring suspicious traffic on OT-associated ports.

4m read time. From go.theregister.com