Iran-Linked Hackers Target US Critical Infrastructure, Government Agencies Warn

Federal agencies are warning that hackers working on behalf of the Iranian government are actively disrupting operations at multiple US critical infrastructure sites. Six government agencies issued an urgent advisory on Tuesday identifying the threat to industrial control systems. The FBI, Cybersecurity and Infrastructure Security Agency, National Security Agency, Environmental Protection Agency, Department of Energy, and US Cyber Command jointly reported that an Iranian-affiliated advanced persistent threat group has been compromising programmable logic controllers since at least March 2026. The targeted PLCs, manufactured Security firm Censys identified 5,219 internet-exposed Rockwell devices, with 75 percent located in the United States. The attackers are using legitimate vendor software including Rockwell Studio 5000 Logix Designer to manipulate project files and control system displays without requiring zero-day exploits. The cyberattacks come amid ongoing military conflict between the US and Iran. The advisory notes that pro-Iranian proxy groups have also conducted DDoS attacks against major platforms and government portals. Federal agencies have published IP addresses and infrastructure identifiers associated with the threat actors along with security guidance for affected organizations.