An Iranian state-sponsored APT group is actively disrupting US critical infrastructure by targeting programmable logic controllers (PLCs) within industrial automation processes, causing operational and financial impacts. The attack vector involves compromising these PLCs, which interface between automation computers and physical machinery in sectors like energy and water treatment. No specific vulnerability, CVSS score, affected versions, fixed versions, or workarounds are provided in the advisory.
Hackers working on behalf of the Iranian government are disrupting operations at multiple US critical infrastructure sites, likely in response to the country's ongoing war with the US, a half-dozen government agencies are warning. In an advisory published Tuesday, the FBI, Cybersecurity and Infrastructure Security Agency, National Security Agency, Environmental Protection Agency, Department of Energy, and US Cyber Command “urgently" warned that the APT, or advanced persistent threat group, is targeting PLCs, short for programmable logic controllers. These devices, typically the size of a toaster, sit in factories, water treatment centers, oil refineries, and other industrial settings, often in remote locations. They provide an interface between computers used for automation and physical machinery. Operational disruption and financial loss “Since at least March 2026, the authoring agencies identified (through engagements with victim organizations) an Iranian-affiliated APT-group that disrupted the function of PLCs,” the advisory stated. “These PLCs were deployed across multiple US critical infrastructure sectors (including Government Services and Facilities, Waste Water Systems (WWS), and Energy sectors) within a wide variety of industrial automation processes. Some of the victims experienced operational disruption and financial loss.” Read full article Comments