- US agencies issued a joint security advisory warning of an ongoing attack.
- Programmable logic controllers (PLCs) made by Rockwell Automation/Allen-Bradley are under fire
- The violations led to disruptions and loss of funds.
Major US agencies, including the FBI, CISA, NSA and others, have issued a joint security advisory warning critical infrastructure organizations in the country about continued Iranian attacks against their endpoints.
The agencies said an Iran-affiliated threat actor is currently attempting to exploit Internet-connected operational technology (OT) devices, including programmable logic controllers (PLCs) manufactured by Rockwell Automation/Allen-Bradley, “with the intent to cause disruption.”
“As a result of this activity, organizations across multiple U.S. critical infrastructure sectors experienced disruptions through malicious interactions with project files and manipulation of data displayed on human-machine interface (HMI) and supervisory control and data acquisition (SCADA) displays,” the advisory reads. “In some cases, this activity has resulted in operational disruptions and financial losses.”
Article continues below.
CyberAv3ngers fingerprints
The notice did not say which organizations experienced these disruptions and financial losses, but did say that government services and facilities (to include local municipalities), water and wastewater systems (WWS), and energy sectors were among the targets.
In its article, The Record says that a water treatment plant in Minot, North Dakota, reported a ransomware attack last week. While the publication hinted that the two incidents could be related, there is no confirmation yet and no group has taken responsibility for the incident.
The attacks began in March 2026 and are likely a response to the military conflict currently underway in Iran.
US and Israeli forces attacked, among other things, critical Iranian infrastructure, such as nuclear facilities, petrochemical plants and industrial sites, as well as railways and bridges.
The authoring agencies did not name the group carrying out these attacks, but emphasized that they previously reported similar activity from a group called CyberAv3ngers (also known as the Shahid Kaveh Group). This group is allegedly affiliated with the Cyber Electronic Command (CEC) of Iran’s Islamic Revolutionary Guard Corps (IRGC).
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
