Federal cybersecurity agencies are warning organizations about an ongoing campaign by Iranian-affiliated advanced persistent threat actors targeting internet-connected programmable logic controllers and other operational technology devices across U.S. critical infrastructure sectors. The activity has impacted government facilities, water and wastewater systems, and energy organizations through unauthorized access to PLCs, manipulation of project files, and alteration of data displayed on HMI and SCADA systems. In some cases, victims experienced operational disruptions and financial losses. The advisory details the tactics, techniques, and procedures used by threat actors, including exploitation of internet-facing Rockwell Automation and Allen-Bradley PLCs, use of remote access tools, and abuse of commonly used OT ports. The report provides indicators of compromise, MITRE ATT&CK mappings, and mitigation guidance to help organizations strengthen OT security and reduce exposure to nation-state cyber threats.

| Publisher: | Cybersecurity and Infrastructure Security Agency (CISA) |
| Published: | April 7, 2026 |
| License: | Public Domain |