- US agencies issued a joint security advisory warning of an ongoing attack
- Rockwell Automation/Allen-Bradley-Made Programmable Logic Controllers (PLCs) Are Under Fire
- The violations resulted in disruption and loss of funds
Major US agencies, including the FBI, CISA, NSA and others, have issued a joint security advisory warning critical infrastructure organizations in the country about ongoing Iranian attacks against their endpoints.
The agencies said an Iranian-linked threat actor is currently attempting to exploit Internet-connected operational technology (OT) devices, including Rockwell Automation/Allen-Bradley-manufactured programmable logic controllers (PLCs), “with the intent to cause disruption.”
“As a result of this activity, organizations from several US critical infrastructure sectors experienced disruptions through malicious interaction with the project files and manipulation of data displayed on human machine interface (HMI) and supervisory control and data acquisition (SCADA) displays,” the guidance reads. “In a few cases, this activity has resulted in operational disruptions and financial losses.”
The article continues below
CyberAv3ngers’ fingerprints
The advisory did not say which organizations experienced these disruptions and financial losses, but it said public services and facilities (to include local councils), water and wastewater systems (WWS) and the energy sector were among the targets.
In its overview, The Record says a water treatment plant in Minot, North Dakota, reported a ransomware attack last week. Although the publication suggested that the two incidents may be connected, there is no confirmation yet and no groups have claimed responsibility for the incident.
The attacks started in March 2026 and are most likely in response to the military conflict currently taking place in Iran.
US and Israeli forces targeted Iranian critical infrastructure such as nuclear, petrochemical and industrial facilities, as well as railways and bridges, among others.
The author agencies did not name the group carrying out these attacks, but emphasized that they previously reported similar activity from a group called CyberAv3ngers (AKA Shahid Kaveh Group). This group is allegedly affiliated with Iran’s Islamic Revolutionary Guard Corps (IRGC) Cyber Electronic Command (CEC).
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
