US Agencies Warn of Iranian-Linked Hackers Targeting Critical Infrastructure

US agencies issued a joint advisory on Tuesday warning of hacking attempts by a group affiliated with the Iranian government against critical infrastructure sectors. The targeted facilities include energy operations, water and wastewater utilities, and government sites. Hackers focused on programmable logic controllers, devices that enable digital control of physical machinery.

The advisory specifies that the hackers compromised PLCs sold by Rockwell Automation. By altering information on industrial control system displays, the attacks could lead to system downtime, equipment damage, or hazardous conditions. In some instances, these efforts resulted in operational disruptions and financial losses.

Rockwell Automation stated it takes product security seriously and is coordinating with government agencies. The company has published guidance for customers on securing PLCs. No specific details on the number of affected facilities were provided in the advisory.

The advisory does not name a specific hacking group but notes similarities to operations by CyberAv3ngers, also known as the Shahid Kaveh Group.

This Iran-linked team is believed to operate under the Iranian Revolutionary Guard Corps. The group has conducted attacks on Israeli and US targets in recent years. CyberAv3ngers gained access to over 100 Unitronics devices, commonly used in water and wastewater utilities.

Those incidents occurred starting in late 2023. The current campaign involves comparable tactics against similar industrial control systems.

The warnings highlight vulnerabilities in industrial control systems across multiple sectors.

Agencies recommend enhanced security measures for PLCs and related devices. No immediate threats or ongoing disruptions were detailed beyond the reported cases. This advisory follows a pattern of state-affiliated cyber operations targeting US infrastructure.