Hackers linked to the government of Iran have been targeting U.S. energy and water infrastructure since President Donald Trump launched a war in Iran, according to a new advisory from the Cybersecurity and Infrastructure Security Agency (CISA) and several other federal agencies.
The hackers have targeted programmable logic controllers (PLCs) made by Rockwell Automation, which allow for digital control of physical systems like water treatment and electricity generation, according to CISA. The agency is “urgently warning” American companies about the risk of exploitation for internet-connected tech.
The hacking has created “disruptions across several U.S. critical infrastructure sectors,” but the advisory doesn’t give more detail about the extent of the disruptions. As NBC News notes, this is the first advisory of its kind since the start of the Iran War on Feb. 28, when the U.S. and Israel started bombing the country without articulating a coherent reason why.
The new advisory doesn’t name the hacking group, describing it only as an “Iran-affiliated advanced persistent threat,” but notes that previous threats have come from CyberAv3ngers (aka Shahid Kaveh Group). About a month ago, the Iran-linked hacking group Handala launched a cyberattack against the U.S. medical equipment company Stryker that took its systems offline. That hack seemed to be more a target of opportunity, but hacking critical infrastructure in order to disrupt the lives of average Americans would be an arguably bigger win for Iran.
The advisory explains that administrators should remove the PLCs “from direct internet exposure via secure gateway and firewall.” Companies should also check available logs for suspicious traffic on the ports associated with internet-connected systems, paying close attention to traffic coming from overseas hosting providers.
“For Rockwell Automation devices, place the physical mode switch on the controller into run position. Contact the authoring agencies and Rockwell Automation for guidance if you believe your organization was targeted,” the advisory explains.
The advisory was issued by numerous agencies, including the FBI, NSA, EPA, DOE, and U.S. Cyber Command’s Cyber National Mission Force, as well as CISA. Appropriately enough, President Trump has proposed to cut $707 million from CISA’s budget in the 2027 fiscal year.
Trump started the day Tuesday by writing a post to Truth Social threatening to destroy Iran and kicking off a national debate about whether he was contemplating the use of nuclear weapons.
“A whole civilization will die tonight, never to be brought back again. I don’t want that to happen, but it probably will,” Trump wrote. “However, now that we have Complete and Total Regime Change, where different, smarter, and less radicalized minds prevail, maybe something revolutionarily wonderful can happen, WHO KNOWS?”
Trump had given Iran until 8 p.m. ET on Tuesday to give in to his nebulous demands or be annihilated but sent a post around 6:30 p.m. ET saying that he had agreed to a two-week extension.
“Based on conversations with Prime Minister Shehbaz Sharif and Field Marshal Asim Munir, of Pakistan, and wherein they requested that I hold off the destructive force being sent tonight to Iran, and subject to the Islamic Republic of Iran agreeing to the COMPLETE, IMMEDIATE, and SAFE OPENING of the Strait of Hormuz, I agree to suspend the bombing and attack of Iran for a period of two weeks. This will be a double sided CEASEFIRE!” wrote Trump.
Trump claimed that the reason for the extension was that, “we have already met and exceeded all Military objectives, and are very far along with a definitive Agreement concerning Longterm PEACE with Iran, and PEACE in the Middle East.”
