Pro-Iran hackers are targeting US industrial control systems, advisory says

This latest cyber assessment released during the war with Iran mirrors similar cyber intrusions made by an Iran-aligned group that targeted Pennsylvania water systems in late 2023.
Iran-aligned hackers have exploited and disrupted operational technology control systems embedded in multiple U.S. critical infrastructure sectors, targeting equipment manufactured by Rockwell Automation, according to an advisory issued Tuesday.
The hackers have set their sights on the company’s Allen-Bradley line of programmable logic controllers, or PLCs, which are digital computers that interface with operational equipment to monitor and automate industrial processes like water treatment, power generation and manufacturing.
The cyber intrusions have, in some cases, resulted in operational disruption and financial loss, according to the assessment signed by the Cybersecurity and Infrastructure Security Agency, FBI, NSA, EPA, the Department of Energy and U.S. Cyber Command’s Cyber National Mission Force.
The disruptions were caused by manipulation of data on human-machine interfaces and on supervisory control and data acquisition, or SCADA, displays, as well as by harmful interactions with project files, it adds.
The advisory is the latest signal indicating that Iran-aligned hacker groups have successfully targeted and impeded U.S. systems amid the ongoing U.S.-Israel war against Iran that broke out Feb. 28.
It comes after an apparent Tehran-backed hacker group carried out a cyberattack against medical technology giant Stryker last month, which wiped employees’ phones and prevented workers from accessing their computers.
“The authoring agencies assess a group of Iranian-affiliated advanced persistent threat (APT) actors is conducting this activity to cause disruptive effects within the United States,” the advisory reads. “The group has targeted devices spanning multiple U.S. critical infrastructure sectors, including Government Services and Facilities (to include local municipalities), Water and Wastewater Systems (WWS), and Energy Sectors.”
A request for comment sent to Rockwell Automation’s media relations email bounced back.
Pro-Iran hackers have made a habit of targeting any computer systems tied to nations deemed foreign adversaries by Tehran, especially the U.S. and Israel. In late 2023, amid the Israel-Hamas war, one hacker group defaced the interfaces of water treatment systems in Pennsylvania, which had Israel-made Unitronics equipment built inside.
In 2020, Rockwell Automation acquired Israel-based Avnet Data Security, aiming to bolster the cyber posture of its industrial control systems and operational technology.
The assessment urged organizations to keep PLCs off the open internet, review logs for suspicious activity and lock down affected Rockwell devices to prevent unauthorized access. Unsecured internet-connected operational technology can expose industrial systems to remote access, giving attackers a pathway to disrupt or manipulate functions.
The Iran war has been widely expected to test the strength of U.S. cyberdefenses, and experts have warned that exposed devices would be a potential target for pro-Iran hackers.
President Donald Trump escalated his threats against Tehran on Tuesday, saying a “whole civilization will die tonight” if Iran doesn’t open the Strait of Hormuz by an 8 p.m. ET deadline.
Trump has promised to attack “every bridge” and power station in the country if a deal isn’t reached. Iran has promised a “devastating” response if such an attack occurs. Any sharp escalation could heighten the risk of retaliatory cyberattacks.




