Andy Greenberg Security Apr 7, 2026 4:13 PM Iran-Linked Hackers Are Sabotaging US Energy and Water Infrastructure As Trump threatens Iranian infrastructure, the US government warns that Iran has carried out its own digital attacks against US critical infrastructure. Photograph: David McNew; Getty Images Save this story Save this story As US President Donald Trump threatens wholesale demolition of Iran's infrastructure in the midst of an escalating war, Iran now appears to have already reciprocated with its own form of infrastructure sabotage: A hacking campaign hitting industrial control systems across the United States, including energy and water utilities, that US agencies say has had disruptive and costly effects. In a joint advisory published Tuesday, a group of US agencies including the FBI, the National Security Agency, the Department of Energy, and the Cybersecurity and Infrastructure Security Agency warned that a group of hackers affiliated with the Iranian government has targeted industrial control devices used in a series of critical infrastructure targets including in the energy sector, water and wastewater utilities, and unspecified “government facilities.” According to the agencies, the hackers have targeted programmable logic controllers (PLCs)—a type of device designed to allow digital control of physical machinery—in those facilities, including those sold by industrial tech firm Rockwell Automation, with the apparent intention of sabotaging their systems. By compromising those PLCs, the advisory warns, the hackers sought to change information on the displays of industrial control systems, which can in some scenarios cause system downtime, damage, or even dangerous conditions. “In a few cases, this activity has resulted in operational disruption and financial loss,” it reads. When WIRED reached out to Rockwell Automation, a company spokesperson responded in a statement that it “takes seriously the security of its products and solutions and has been closely coordinating with government agencies in connection with” Tuesday's advisory, and pointed to documents it has published for customers on how to better secure their PLCs. Though the advisory doesn’t specify a particular group responsible for the hacking campaign, it notes that the attacks are similar to those carried out in by the Iran-linked group known as CyberAv3ngers , or the Shahid Kaveh Group, starting in late 2023. That team of hackers, believed to work in the service of the Iranian Revolutionary Guard Corps, inflicted several waves of attacks against Israeli and US targets in recent years, including gaining access to more than a hundred devices sold by industrial control system technology firm Unitronics and most commonly used in water and wastewater utilities. This is a developing story, please check back for updates. Comments Back to top You Might Also Like In your inbox: Upgrade your life with WIRED-tested gear What you need to know about the foreign-made router ban Big Story: Anduril wants to own the future of war tech How Trump’s plot to grab Iran's nuclear fuel would actually work WIRED Health: Join the boldest minds in healthcare Andy Greenberg is a senior writer for WIRED covering hacking, cybersecurity, and surveillance. He’s the author of the books Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency and Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers . His books ... Read More Senior Writer Topics cybersecurity Iran hacking hacks national security critical infrastructure war cyberwar Donald Trump Israel Read More The Hack That Exposed Syria’s Sweeping Security Failures When Syrian government accounts were hijacked in March, the breach looked chaotic. But it revealed something more troubling: a state struggling with the most basic layer of cybersecurity. Danny Makki How ‘Handala’ Became the Face of Iran’s Hacker Counterattacks Amid a paralyzing breach of medical tech firm Stryker, the group has come to represent Iran's use of “hacktivism” as cover for chaotic, retaliatory state-sponsored cyberattacks. Matt Burgess Iranian Hackers Breached Kash Patel’s Email—but Not the FBI’s Plus: Apple makes big claims about the effectiveness of its Lockdown Mode anti-spyware feature, Russia moves to implement homegrown encryption for 5G, and more. Andrew Couts Hackers Are Posting the Claude Code Leak With Bonus Malware Plus: The FBI says a recent hack of its wiretap tools poses a national security risk, attackers stole Cisco source code as part of an ongoing supply chain hacking spree, and more. Andrew Couts A Hacker Accidentally Broke Into the FBI’s Epstein Files Plus: A porn-quitting app exposed the masturbation habits of hundreds of thousands of users, Russian hackers are trying to take over people’s Signal accounts, and more. Maddy Varner What Happens When a Nuclear Site Is Hit? As strikes continue on Iran’s nuclear facilities, the real danger isn’t the explosion, but what happens if critical safety systems fail—and how that risk could spread across the Gulf. Jethu Abraham A Single Strike Won’t Shut Off the Gulf’s Desalination System The Gulf’s water system is built with layers of backup, but it relies on continuous operation to hold. Dana Alomar Iran Warns US Tech Firms Could Become Targets as War Expands Companies including Google, Microsoft, and Palantir were listed as targets by Iranian media as the conflict with Israel and the US spills into digital infrastructure. Dana Alomar Cyberattack on a Car Breathalyzer Firm Leaves Drivers Stuck Plus: The FBI admits it’s buying phone data to track Americans, Iranian hackers disrupt medical care at Maryland hospitals, and more. Matt Burgess Meta Pauses Work With Mercor After Data Breach Puts AI Industry Secrets at Risk Major AI labs are investigating a security incident that impacted Mercor, a leading data vendor. The incident could have exposed key data about how they train AI models. Maxwell Zeff Iran Threatens to Start Attacking Major US Tech Firms on April 1 Tech giants like Apple, Google, and Microsoft are among those on a target list released by Iran’s Islamic Revolutionary Guard Corps. Louise Matsakis Iranians Don’t Have a Missile Alert System, So Volunteers Built Their Own Warning Map The crowdsourced website and app Mahsa Alert provides citizens in Iran with crucial information amid the country’s ongoing war with the US and Israel—and an internet blackout. Matt Burgess