

Ethical Hacking News

Hackers on Behalf of Iran Target US Critical Infrastructure Sites in Wake of Ongoing War



Hackers working on behalf of Iran's Islamic Revolutionary Guard Corps have been using legitimate vendor software to disrupt operations at multiple US critical infrastructure sites, likely in response to the ongoing war between the US and Iran. The attackers are targeting Programmable Logic Controllers (PLCs) deployed across various sectors, including Government Services and Facilities, Waste Water Systems (WWS), and Energy sectors. According to recent advisories, at least 75 devices were compromised, with many located in remote areas where equipment is situated. This incident highlights the increasing sophistication and reach of Iranian-affiliated cyberattack groups and emphasizes the need for organizations operating critical infrastructure sites to take immediate action to secure their systems and prevent further disruptions and financial losses.

  • The ongoing war between the US and Iran has led to a significant increase in cyberattacks targeting critical infrastructure sites within the US.
  • Hackers are using legitimate vendor software to gain direct access to PLCs, disrupting operations of critical infrastructure sites.
  • PLCs are commonly used in industrial settings such as factories, water treatment centers, and oil refineries.
  • 75% of exposed devices are located in the US, with many in remote locations making detection and response challenging.
  • Targeted sectors include Government Services, Waste Water Systems, and Energy, which often have equipment in remote areas.
  • Increasing sophistication and reach of Iranian-affiliated cyberattack groups highlights the need for immediate action to secure PLCs and industrial control systems.
  • Pro-Iranian hacking groups are also conducting DDoS attacks against major platforms and Australian government portals.


    The ongoing war between the US and Iran has led to a significant increase in cyberattacks targeting critical infrastructure sites within the United States. According to recent advisories issued by the FBI, Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Environmental Protection Agency (EPA), Department of Energy (DOE), and US Cyber Command, hackers working on behalf of Iran's Islamic Revolutionary Guard Corps have been using legitimate vendor software to gain direct access to internet-exposed Programmable Logic Controllers (PLCs) in an effort to disrupt the operations of these critical infrastructure sites.

    The PLCs in question are typically used in industrial settings such as factories, water treatment centers, oil refineries, and other facilities where they provide an interface between computers used for automation and physical machinery. In this context, hackers have been using the Rockwell Studio 5000 Logix Designer software to interact with project files and manipulate Human-Machine Interface (HMI)/SCADA display data without requiring zero-day exploitation.

    Five device families are confirmed as targeted, including CompactLogix and Micro850, both made by Rockwell Automation/Allen-Bradley. Security firm Censys has reported that an internet scan it performed identified 5,219 devices exposed to the Internet, with a full 75% of them located in the US and likely in remote locations where equipment is situated.

    The infrastructure being used to target these devices is a single multi-homed Windows engineering workstation running the Rockwell tool chain. This information was obtained by Censys through an internet scan that identified several PLCs deployed across multiple US critical infrastructure sectors, including Government Services and Facilities, Waste Water Systems (WWS), and Energy sectors.

    These sectors often have equipment in remote areas, making it challenging for security personnel to detect and respond to these types of attacks. The fact that many of the targeted devices were exposed to the Internet without proper security measures in place raises concerns about the potential for further disruptions and financial losses for organizations operating critical infrastructure sites.

    Furthermore, this incident highlights the increasing sophistication and reach of Iranian-affiliated cyberattack groups. In recent months, there have been multiple reports of these groups targeting US-based PLCs and other industrial control systems. These attacks often go undetected until they cause significant operational disruption and financial loss.

    In addition to the US critical infrastructure sites targeted in this incident, pro-Iranian hacking groups are also reportedly conducting DDoS (Distributed Denial-of-Service) attacks against major platforms such as Netflix and Pinterest, as well as Australian government portals. This suggests that these groups are using a range of tactics and techniques to disrupt operations and cause financial losses.

    In light of this incident, it is essential for organizations operating critical infrastructure sites to take immediate action to secure their PLCs and other industrial control systems. This includes implementing robust security measures such as firewalls, intrusion detection systems, and encryption to prevent unauthorized access to these systems.
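Because the activity described above uses the vendor's own engineering software rather than an exploit, the traffic looks like a normal programming session, and the source address is what separates it from legitimate work. The following is an added example, not code from the article or the advisories: it audits flow records for EtherNet/IP sessions to PLCs from anything other than an approved engineering workstation. The subnets, the allowlist and the sample records are constructed assumptions, and the ports (44818 and UDP 2222, the standard EtherNet/IP ports) are not taken from the article.

```python
import csv
import io
import ipaddress

# EtherNet/IP (CIP) service ports: TCP/UDP 44818 explicit messaging, UDP 2222 I/O.
ENIP_PORTS = {("tcp", 44818), ("udp", 44818), ("udp", 2222)}

# Assumed site inventory (constructed for this example).
SITE_NETS = [ipaddress.ip_network("10.20.0.0/16")]
PLC_NETS = [ipaddress.ip_network("10.20.30.0/24")]
APPROVED_WORKSTATIONS = {ipaddress.ip_address("10.20.10.5")}

# Constructed flow records; addresses come from private and documentation ranges.
SAMPLE_FLOWS = """\
ts,src,dst,proto,dport,bytes
2026-04-07T02:11:09Z,10.20.10.5,10.20.30.11,tcp,44818,18234
2026-04-07T02:14:40Z,203.0.113.77,10.20.30.11,tcp,44818,91822
2026-04-07T02:15:02Z,10.20.40.9,10.20.30.12,tcp,443,1200
2026-04-07T02:19:55Z,198.51.100.23,10.20.30.14,udp,2222,640
2026-04-07T02:21:00Z,10.20.10.88,10.20.30.11,tcp,44818,5120
"""


def in_any(addr, nets):
    return any(addr in net for net in nets)


def audit_flows(text):
    """Return one finding per EtherNet/IP flow to a PLC from an unapproved source."""
    findings = []
    for row in csv.DictReader(io.StringIO(text)):
        src = ipaddress.ip_address(row["src"])
        dst = ipaddress.ip_address(row["dst"])
        service = (row["proto"].lower(), int(row["dport"]))
        if not in_any(dst, PLC_NETS) or service not in ENIP_PORTS:
            continue  # not controller programming or I/O traffic
        if src in APPROVED_WORKSTATIONS:
            continue  # expected engineering session
        # A source outside the site's own address space means the PLC is internet-reachable.
        reason = "internal-unapproved" if in_any(src, SITE_NETS) else "external"
        findings.append((row["ts"], str(src), str(dst), "%s/%d" % service, reason))
    return findings


if __name__ == "__main__":
    for finding in audit_flows(SAMPLE_FLOWS):
        print(*finding)
```

An "external" finding means the firewall is passing controller traffic from outside the site; an "internal-unapproved" finding points to a host that should be added to the inventory or investigated.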

    Organizations should also consider conducting regular vulnerability assessments and penetration testing to identify weaknesses in their systems that could be exploited by hackers. They should also ensure that all devices connected to the Internet are properly secured with up-to-date software patches, secure protocols, and other necessary measures to protect against unauthorized access.

    The ongoing war between the US and Iran has led to a significant increase in cyberattacks targeting critical infrastructure sites within the United States. The recent advisories issued by government agencies highlight the need for organizations operating these sites to take immediate action to secure their systems and prevent further disruptions and financial losses.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/Hackers-on-Behalf-of-Iran-Target-US-Critical-Infrastructure-Sites-in-Wake-of-Ongoing-War-ehn.shtml

  • https://arstechnica.com/security/2026/04/iran-linked-hackers-disrupt-operations-at-us-critical-infrastructure-sites/

  • https://www.cnn.com/2026/04/07/politics/iran-linked-hackers-disrupt-us-industrial-sites


  • Published: Wed Apr 8 18:17:28 2026 by llama3.2 3B Q4_K_M












