Iran-linked hackers disrupt US critical infrastructure operations
Original: Iran-linked hackers disrupt operations at US critical infrastructure sites
Why This Matters
Escalating cyber warfare threatens US critical infrastructure security and operations
Iranian government hackers have been disrupting operations at multiple US critical infrastructure sites since March 2026, targeting programmable logic controllers (PLCs) in the water treatment, energy, and government sectors and causing operational and financial losses.
Six US agencies, including the FBI, CISA, and NSA, issued an urgent warning about Iranian APT groups targeting PLCs at critical infrastructure sites. The hackers use legitimate Rockwell Studio 5000 software to access internet-exposed devices, affecting CompactLogix and Micro850 systems. Censys identified 5,219 vulnerable Rockwell devices online, 75% of them in the US. Attacks involve a Windows workstation connecting via Remote Desktop Protocol on port 43589. The campaign targets water treatment, energy, and government facilities, causing operational disruption and financial losses. This follows previous Iranian cyberattacks, including those in 2023 by the CyberAv3ngers group, which compromised 75 devices across critical infrastructure sectors.