Iranian hackers are breaking into U.S. industrial systems, agencies warn

Iran’s hackers are actively breaking into industrial control systems in the U.S., multiple federal agencies warned Tuesday, in an ongoing attempt to disrupt American infrastructure.
Hackers are compromising internet-facing tools made by Rockwell Automation, a Milwaukee-based maker of industrial control systems, which has led to “disruptions across several U.S. critical infrastructure sectors,” the advisory says. It is unclear whether any of the disruptions are significant.
The hackers have targeted victims in government services, water and wastewater services and the energy sector, it says. The warning concerning domestic critical infrastructure threats is the first one of its kind released to the public since the U.S. war with Iran began.
The advisory does not name which companies have been disrupted or how severe the effects of the hacks have been, but it says they have resulted in “operational disruption and financial loss” for victims.
It is jointly authored by the federal Cybersecurity and Infrastructure Security Agency, the FBI, the National Security Agency, the Energy Department and U.S. Cyber Command. The agencies recommend taking vulnerable internet-connected controllers offline.
It identifies the hackers as “Iran-affiliated advanced persistent threat (APT) actors.” “APTs” is a cybersecurity industry term used to refer to sophisticated or dogged hacker groups, which usually represent units working for a country’s military or intelligence services.
The hackers have been breaking into Rockwell’s Studio 5000 Logix Designer, a customizable program to control industrial systems, the advisory said. Rockwell did not immediately respond to a request for comment.
The advisory arrives amid rapidly escalating tensions between the U.S. and Iran. On Tuesday morning, President Donald Trump threatened that “a whole civilization will die tonight” if Iran does not agree to a deal that would reopen the Strait of Hormuz.
Officials told NBC News that the Pentagon has given Trump a list of infrastructure targets used by both Iran’s military and its civilian populace — potentially to avoid strikes’ being designated war crimes — if he chooses to order an attack.
Since the war started in February, Iran has publicly claimed evidence for only one significant cyberattack against a U.S. company, an attack on a Michigan medical tech company called Stryker.
The U.S. previously accused hackers working for the Islamic Revolutionary Guard Corps of targeting American water and wastewater systems using similar tactics in late 2023. The hackers, using the pseudonym “CyberAv3nger,” broke into at least 75 devices, the advisory said, though there were no public reports of their causing significant damage to American water or wastewater operations.




