Indonesian Political, Business & Finance News

Iranian Hackers Attack US Critical Infrastructure, Disrupting Operations and Causing Financial Losses

Source: KOMPAS (translated from Indonesian) | Infrastructure

A group of hackers working on behalf of the Iranian government has reportedly launched a hacking operation against critical infrastructure in the United States at several locations, likely in response to the ongoing conflict between the two countries.

The Iranian hackers’ operation has drawn sharp attention from several US security agencies, including the FBI, the Cybersecurity and Infrastructure Security Agency, the National Security Agency, the Environmental Protection Agency, the Department of Energy, and the Cyber Command.

For context, programmable logic controllers (PLCs) are devices that provide an interface between computers and machines for automation. PLCs are typically the size of a toaster and are used in factories.

In their warning report, US security agencies said they have identified Iranian hacker attacks disrupting PLC functions since March last year, amid the escalating Iran-US conflict.

“At least since March 2026, the agencies issuing the warning have identified (with involvement from victim companies or organisations) an Iran-affiliated APT group disrupting PLC functions,” stated the US security agencies in the warning report on Friday (10/4/2026).

The report reveals that the Iranian hacker attacks targeted PLCs used in various US critical infrastructure sectors, such as government services and facilities, wastewater systems, and energy. These attacks have caused operational disruptions and financial losses.

“These PLCs are used in various US critical infrastructure sectors (including Government Services and Facilities, Wastewater Systems (WWS), and the Energy sector) in various industrial automation processes,” the warning report from various US security agencies states.

“Several victims have experienced operational disruptions and financial losses,” the warning report adds.

On Wednesday last week (8/4/2026), the security company Censys stated that it had scanned 5,219 internet-connected Allen-Bradley PLCs, 75 per cent of which are located in the US and likely placed in remote locations.

“The confirmed targeted PLC device types include CompactLogix and Micro850,” Censys said.

Censys explained that the Iranian hackers’ attacks on several PLCs utilised Windows-based industrial computer workstations running a suite of software from Rockwell Automation.

From those workstations, hackers could access internet-connected PLCs by exploiting official Rockwell software, namely Rockwell Studio 5000 Logix Designer.

Through this scheme, hackers could interact with project files and manipulate interfaces and data via “zero-day exploitation,” meaning without needing to exploit software vulnerabilities.
