US agencies warn of Iranian hacking campaign targeting energy and water systems

Iranian-linked hackers target industrial control systems
A coalition of US agencies has issued a stark warning about a hacking campaign tied to the Iranian government that is targeting industrial control systems across the United States, including energy and water utilities. The advisory, published Tuesday by the FBI, the National Security Agency, the Department of Energy, and the Cybersecurity and Infrastructure Security Agency, says the activity has already caused operational disruption and financial loss in some cases.
The warning comes as tensions between the US and Iran continue to escalate, with President Donald Trump threatening to demolish Iran’s infrastructure amid the widening conflict. According to the agencies, the hackers have been aiming at programmable logic controllers, or PLCs, which are used to digitally control physical machinery in critical environments. The targets include systems used by energy companies, water and wastewater utilities, and unspecified government facilities.
How the attacks work
The advisory says the intruders targeted PLCs in an apparent effort to sabotage operations. Some of the devices were made by Rockwell Automation, a major industrial technology company. By compromising these controllers, attackers can alter what operators see on industrial displays, creating the potential for downtime, equipment damage, or dangerous conditions.
The agencies did not provide details about the incidents they say caused disruption or financial losses, but their warning suggests the campaign has moved beyond reconnaissance and into attempts to interfere with real-world operations.
“It’s well documented that Iranian actors target industrial control systems and see them as a nexus to apply pressure,” says Rob Lee, co-founder and CEO of Dragos, a cybersecurity firm focused on industrial control systems. Lee said his company has responded to multiple incidents involving industrial systems since the war against Iran began last month. “We have seen both state and non-state actors in Iran pose real risk and show willingness to hurt people through compromising these systems. I fully expect them to keep up the pressure and target those sites they can get access to.”
A familiar playbook
The advisory does not name a specific group behind the campaign, but it says the activity resembles attacks previously attributed to the Iran-linked group known as CyberAv3ngers, also called the Shahid Kaveh Group. That group, believed to operate in service of the Iranian Revolutionary Guard Corps, began carrying out similar operations in late 2023.
The comparison matters because industrial control systems are not ordinary corporate networks. They sit close to the physical processes that keep water flowing, electricity moving, and industrial equipment running. That makes them attractive targets in a geopolitical conflict, especially when the goal is not just to steal information but to create pressure through disruption.
Industry response and lingering risk
Rockwell Automation said in a statement that it “takes seriously the security of its products and solutions and has been closely coordinating with government agencies in connection with” the advisory. The company also pointed customers to guidance it has published on securing PLCs.
The broader warning from US agencies suggests that critical infrastructure operators should expect continued attempts to reach into industrial systems. The advisory frames the campaign as part of a pattern in which Iranian actors use cyber operations to apply pressure during periods of heightened conflict. For utilities and industrial operators, that raises the stakes well beyond a typical breach: the concern is not only data loss or extortion, but interference with the systems that keep essential services running.
As the conflict intensifies, the cyber front appears to be moving in step with the physical one, with US officials now warning that Iran’s response may already be arriving through the control panels of American infrastructure.