Iranian state-backed hackers are actively targeting Rockwell Automation/Allen-Bradley PLC devices in U.S. critical infrastructure, with nearly 3,900 such devices exposed to the internet. Censys data shows 74.6% of 5,219 globally exposed EtherNet/IP hosts are in the United States. The FBI confirmed attackers extracted project files and manipulated HMI/SCADA displays. Defenders are advised to firewall or disconnect PLCs from the internet, enforce MFA on OT networks, monitor logs for suspicious activity, and keep devices patched. This campaign follows similar IRGC-linked attacks on Unitronics OT systems in 2023-2024 and a recent Handala hacktivist wipe of ~80,000 Stryker devices.

From bleepingcomputer.com