Multiple US government agencies have issued an urgent warning: hackers linked to Iran are disrupting operations at critical infrastructure sites. The advanced persistent threat group is specifically targeting programmable logic controllers (PLCs), essential devices that interface between automation computers and physical machinery in factories, water treatment centers, and oil refineries.
These attacks, ongoing since at least March 2026, have impacted sectors including government services, wastewater systems, and energy. Some victims have experienced significant operational disruption and financial loss. Rockwell Automation/Allen-Bradley PLCs are among those being compromised. Internet scans revealed thousands of these devices exposed online, with a majority located in the US, often in remote areas where equipment is situated.