- US agencies issue joint security advisory warning of ongoing attack
- Programmable logic controllers (PLC) manufactured by Rockwell Automation/Allen-Bradley come under fire
- Violations led to disruption and loss of funds
Top US agencies, including the FBI, CISA, NSA and others, have issued a joint security advisory warning the country’s critical infrastructure organizations about ongoing Iranian attacks on their terminals.
The agencies said an Iranian-affiliated threat actor is currently attempting to exploit internet-connected operational technology (OT) devices, including programmable logic controllers (PLCs) manufactured by Rockwell Automation/Allen-Bradley, “with the intent to cause disruption.”
“As a result of this activity, organizations across several critical infrastructure sectors in the United States have experienced disruptions due to malicious interactions with project files and manipulation of data displayed on human-machine interface (HMI) and supervisory control and data acquisition (SCADA) displays,” the advisory states. “In a few cases, this activity has resulted in operational disruptions and financial losses. »
Article continues below
Fingerprints of CyberAv3ngers
The notice does not specify which organizations suffered these disruptions and financial losses, but it indicates that government services and facilities (including local municipalities), water and sanitation systems (WWS), and energy sectors were among the targets.
In its article, The Record states that a water treatment plant in Minot, North Dakota, reported a ransomware attack last week. Although the publication hinted that the two incidents might be related, there is no confirmation yet and no group has taken responsibility for the incident.
The attacks began in March 2026 and are most likely a response to the military conflict currently taking place in Iran.
US and Israeli forces have targeted, among other things, Iranian critical infrastructure such as nuclear facilities, petrochemical plants and industrial sites, as well as railway lines and bridges.
The perpetrator agencies did not name the group carrying out these attacks, but noted that they had previously reported similar activities by a group called CyberAv3ngers (AKA Shahid Kaveh Group). This group is reportedly affiliated with the Cyber-Electronic Command (CEC) of the Islamic Revolutionary Guard Corps (IRGC).
The best antivirus for every budget
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds. Make sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp Also.
