Cybersecurity — 2026-04-09

CISA and FBI Warn Iranian Hackers Disrupting US Critical Infrastructure via PLC Attacks

CISA and the FBI issued a joint advisory warning that Iranian-affiliated APT actors have disrupted programmable logic controllers across US critical infrastructure since March 2026, targeting government, water, and energy sectors. The attackers exploited internet-exposed Rockwell Automation/Allen-Bradley PLCs, manipulating project files, HMI displays, and SCADA systems to cause operational disruption and financial loss. The campaign escalated in parallel with the US-Iran kinetic conflict. The advisory marks an escalation in Iranian cyber operations against US OT systems, moving beyond reconnaissance to active disruption of industrial processes.
The shift from reconnaissance to active disruption of US industrial control systems marks a new phase in Iranian cyber operations. The targeting of Rockwell Automation PLCs, widely deployed across US critical infrastructure, and the correlation with kinetic conflict escalation suggest these attacks are integrated into Iran's hybrid warfare strategy rather than opportunistic criminal activity.
Sources: SecurityWeek · The Hacker News
Read in full briefing →