Iran-linked hackers disrupt US critical infrastructure operations

Original: Iran-linked hackers disrupt operations at US critical infrastructure sites

Why This Matters

Escalating cyber warfare targeting US industrial infrastructure poses significant national security risks

Iranian government-backed hackers have disrupted operations at multiple US critical infrastructure sites since March 2026, targeting programmable logic controllers in factories, water treatment centers, and energy facilities, causing operational disruption and financial losses.

Six US government agencies (the FBI, CISA, NSA, EPA, Department of Energy, and US Cyber Command) issued an urgent advisory warning about an Iranian APT group targeting PLCs across critical infrastructure sectors. The hackers compromised Rockwell Automation/Allen-Bradley devices using the legitimate vendor software Studio 5000 Logix Designer, accessing internet-exposed PLCs via Remote Desktop Protocol on TCP port 43589. Security firm Censys identified 5,219 exposed devices, 75% of them located in the US.

The attacks involve a single Windows workstation with the certificate name DESKTOP-BOE5MUC, targeting the CompactLogix and Micro850 device families. Other protocols such as Modbus (TCP 502) and S7 (TCP 102) are also being probed, indicating broader targeting of PLCs from multiple manufacturers.

Source

arstechnica.com