U.S. cybersecurity and law enforcement agencies have issued a joint advisory warning of escalating Iranian hacking campaigns targeting critical infrastructure sectors in the United States. The advisory, released on Tuesday, highlights that Iranian hackers are compromising publicly exposed programmable logic controllers (PLCs) and supervisory control and data acquisition (SCADA) systems, which are used to interact with or control critical infrastructure equipment. The hackers have sought to cause "disruptive effects within the United States," resulting in "operational disruption and financial loss" in some cases.
The targeted sectors include government services and facilities, water and wastewater systems, and the energy sector. The advisory was issued by the FBI, the National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), the Environmental Protection Agency (EPA), the Department of Energy, and U.S. Cyber Command’s Cyber National Mission Force. The hackers have been breaking into Rockwell Automation’s Studio 5000 Logix Designer, a customizable program used to control industrial systems, according to the advisory.
The warning comes amid heightened tensions between the U.S. and Iran. President Donald Trump has issued a stark warning, stating that "a whole civilization will die tonight" if Iran fails to make a deal with the U.S. Meanwhile, Iran has threatened to attack additional infrastructure targets in neighboring Gulf states. To mitigate the risk, the advisory recommends taking vulnerable internet-connected controllers offline.
The hackers have interacted with data files in the systems to alter display data and extract device project data, according to the advisory. The FBI declined additional comment on the matter.