Iran‑linked PLC attacks cause real‑world disruption at critical US infra sites

Summary

Six US federal agencies have warned that Iran-affiliated threat actors have compromised internet-exposed programmable logic controllers (PLCs) at critical infrastructure facilities in the US since at least March 2026. The attacks targeted Rockwell Automation and Allen-Bradley PLCs in water/wastewater, energy, and government sectors, causing operational disruption and financial loss. Threat actors gained access by exploiting internet-exposed devices and using legitimate software to manipulate SCADA/HMI data and maintain persistence.

IFF Assessment

FOE

This is bad news for defenders as it highlights successful disruptive attacks against critical US infrastructure by a state-sponsored actor, indicating a significant threat.

Defender Context

This incident underscores the critical need for robust security measures in Operational Technology (OT) environments, particularly for internet-facing PLCs. Defenders should prioritize network segmentation, regular firmware updates, and continuous monitoring of OT systems for anomalous behavior, especially since escalating geopolitical tensions could drive such attacks.
