Cyber Operations — 2026-04-09
CISA and FBI Issue Joint Advisory on Iranian-Linked Campaign Targeting U.S. Industrial Control Systems
The FBI, CISA, NSA, EPA, DOE, and U.S. Cyber Command jointly issued Advisory AA26-097A warning that an Iranian-affiliated APT group has exploited internet-facing Rockwell Automation/Allen-Bradley PLCs across U.S. critical infrastructure since March 2026. Targeted sectors include government facilities, water and wastewater systems, and energy. Victims experienced operational disruption and financial loss through manipulation of HMI and SCADA displays. NERC issued a follow-on alert urging electrical grid operators to lower thresholds for reporting suspicious cyber and physical security activity.
This advisory represents the first confirmed operational disruption of U.S. critical infrastructure by an Iranian-affiliated APT during the 2026 conflict. The six-agency attribution, including NSA and Cyber Command alongside civilian agencies, signals that the intelligence community (IC) treats this as a national security threat, not merely a criminal matter. The specific targeting of Rockwell Automation PLCs mirrors the pattern from earlier CyberAv3ngers campaigns, suggesting an evolved version of the same IRGC-affiliated actor.