US agencies warn Iranian hackers are targeting American critical infrastructure — causing 'disruptive effects within the United States'
Iran war has now spilled into US cyberspace
- US agencies issued a joint security advisory warning of an ongoing attack
- Rockwell Automation/Allen-Bradley-manufactured programmable logic controllers (PLCs) are under fire
- The breaches resulted in disruptions and loss of funds
Major US agencies, including the FBI, CISA, NSA, and others, have released a joint security advisory warning critical infrastructure organizations in the country about ongoing Iranian attacks against their endpoints.
The agencies said an Iranian-affiliated threat actor is currently trying to exploit internet-connected operational technology (OT) devices, including Rockwell Automation/Allen-Bradley-manufactured programmable logic controllers (PLCs), “with the intent to cause disruptions”.
“As a result of this activity, organizations from multiple US critical infrastructure sectors experienced disruptions through malicious interactions with the project files and the manipulation of data displayed on human machine interface (HMI) and supervisory control and data acquisition (SCADA) displays,” the advisory reads. “In a few cases, this activity has resulted in operational disruption and financial loss.”
CyberAv3ngers' fingerprints
The advisory did not say which organizations experienced these disruptions and financial loss, but it did say the Government Services and Facilities (including local municipalities), Water and Wastewater Systems (WWS), and Energy sectors were among the targets.
In its writeup, The Record says a water treatment plant in Minot, North Dakota, reported a ransomware attack last week. While the publication hinted the two incidents might be connected, there is no confirmation yet, and no groups have taken responsibility for the incident.
The attacks started in March 2026 and are most likely in response to the military conflict currently taking place in Iran.
US and Israeli forces targeted, among other things, Iranian critical infrastructure such as nuclear facilities, petrochemical plants and industrial sites, and railways and bridges.
The authoring agencies did not name the group conducting these attacks but stressed that they previously reported on similar activity from a group called CyberAv3ngers (AKA Shahid Kaveh Group). This group is allegedly affiliated with Iran’s Islamic Revolutionary Guard Corps (IRGC) Cyber Electronic Command (CEC).

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.