Cybersecurity — 2026-04-08

CISA Warns Iran-Linked Actors Targeting US Critical Infrastructure PLCs Amid Conflict

CISA issued a joint advisory with the FBI, NSA, EPA, DOE, and US Cyber Command warning that Iran-linked actors are exploiting internet-facing Rockwell Automation/Allen-Bradley programmable logic controllers and other OT devices at US critical infrastructure facilities. The attackers have manipulated project files and tampered with HMI and SCADA displays, causing operational disruption and financial loss at energy and water utilities. The advisory represents the most specific warning to date about Iranian cyber operations against US industrial control systems during the ongoing conflict.
This advisory escalates from general warnings to specific attack vectors, naming Rockwell Automation/Allen-Bradley CompactLogix and Micro850 controllers, with confirmed operational disruption at US facilities. The joint issuance by six agencies plus Cyber Command indicates assessed high confidence in the attribution and immediacy of the threat. Energy and water utilities are the primary targets, consistent with Iranian retaliatory cyber doctrine during active conflict.
Sources: CISA · ABA Banking Journal
Read in full briefing →