{"id":13543,"date":"2026-04-08T05:00:50","date_gmt":"2026-04-08T05:00:50","guid":{"rendered":"https:\/\/techtrendfeed.com\/?p=13543"},"modified":"2026-04-08T05:00:50","modified_gmt":"2026-04-08T05:00:50","slug":"iran-linked-hackers-disrupt-us-important-infrastructure-by-way-of-plc-assaults","status":"publish","type":"post","link":"https:\/\/techtrendfeed.com\/?p=13543","title":{"rendered":"Iran-Linked Hackers Disrupt US Critical Infrastructure via PLC Attacks"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div>\n<p><strong>A number of critical infrastructure organizations in the US have been disrupted by Iran-linked cyberattacks that impacted operational technology (OT) devices, according to an urgent warning from federal agencies on Tuesday.<\/strong><\/p>\n<p>In a joint advisory, the FBI, CISA, NSA, EPA, DOE, and United States Cyber Command warned that attacks in recent weeks have targeted devices spanning a number of sectors, including government services and facilities (including local municipalities), water and wastewater systems, and energy sectors.<\/p>\n<p>The federal agencies say that Iranian-linked threat actors are actively targeting internet-exposed programmable logic controllers (PLCs), particularly those manufactured by Rockwell Automation\/Allen-Bradley, though other vendors may also be at risk.<\/p>\n<p>\u201cBecause of this exercise, organizations from a number of U.S. 
essential infrastructure sectors skilled disruptions by malicious interactions with the undertaking information and the manipulation of information displayed on human machine interface (HMI) and supervisory management and information acquisition (SCADA) shows,\u201d the <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.ic3.gov\/CSA\/2026\/260407.pdf\">advisory<\/a> explains.<\/p>\n<p>\u201cBecause of the widespread use of those PLCs and the potential for added concentrating on of different branded OT gadgets throughout essential infrastructure, the authoring businesses suggest U.S. organizations urgently evaluate the techniques, strategies, and procedures (TTPs) and indicators of compromise (IOCs) on this advisory for indications of present or historic exercise on their networks, and apply the suggestions listed within the Mitigations part to cut back the danger of compromise,\u201d the advisory continued.<\/p>\n<h2 class=\"wp-block-heading\" id=\"h-similar-activity-by-cyberav3ngers\">Similar activity by CyberAv3ngers<\/h2>\n<p>According to the authoring agencies, the campaign shows activity similar to earlier operations attributed to Iran-linked groups such as CyberAv3ngers, which previously targeted PLCs in US infrastructure sectors.<\/p>\n<p>CyberAv3ngers is a group linked to Iran\u2019s Islamic Revolutionary Guard Corps (IRGC) that has previously made headlines for its attacks on the water sector.<\/p>\n<p>In October 2024, artificial intelligence giant OpenAI said the CyberAv3ngers hackers <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.securityweek.com\/openai-says-iranian-hackers-used-chatgpt-to-plan-ics-attacks\/\">used its popular ChatGPT tool<\/a> to plan ICS attacks. 
OpenAI said accounts associated with the group used ChatGPT to conduct reconnaissance, but also to help them with vulnerability exploitation, detection evasion, and post-compromise activity.<\/p>\n<p>The group has targeted industrial control systems (ICS) at a\u00a0<a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.securityweek.com\/cyberattack-on-irish-utility-cuts-off-water-supply-for-two-days\/\">water utility in Ireland<\/a>\u00a0(the attack left people without water for two days), a\u00a0<a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.securityweek.com\/hackers-hijack-industrial-control-system-at-us-water-utility\/\">water utility in Pennsylvania<\/a>, and\u00a0<a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.securityweek.com\/ics-at-multiple-us-water-facilities-targeted-by-hackers-affiliated-with-iranian-government\/\">other water facilities<\/a>\u00a0in the US.\u00a0<\/p>\n<p>Federal agencies are urging organizations to assume they may be targeted and to proactively assess their OT environments for vulnerabilities before attackers exploit them.<\/p>\n<h2 class=\"wp-block-heading\" id=\"h-indicators-of-compromise-iocs\"><strong>Indicators of Compromise (IOCs)<\/strong><\/h2>\n<p>Downloadable lists of IOCs have been made available in both XML and JSON formats:<\/p>\n<p>The attacks are part of a wider pattern of escalating Iran-linked operations. On March 11, medical technology giant Stryker was targeted by the Handala group, which <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.securityweek.com\/stryker-says-malicious-file-found-during-probe-into-iran-linked-attack\/\">reportedly wiped<\/a> more than 200,000 of the company\u2019s devices.<\/p>\n<p>Late last month, the US government formally linked the notorious Handala hacker group to the Iranian government. 
The announcement came amid the takedown of a number of websites used by Handala.<\/p>\n<p><a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.securityweek.com\/topics\/handala\/\">Handala<\/a>\u00a0has been on the radar of cybersecurity firms for years, but it gained widespread attention in recent weeks after ramping up its activity following the start of the\u00a0<a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.securityweek.com\/iran-cyber-front-hacktivist-activity-rises-but-state-sponsored-attacks-stay-low\/\">US-Israel-Iran conflict<\/a>.\u00a0<\/p>\n<p>In a separate incident, Handala <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.securityweek.com\/fbi-confirms-kash-patel-email-hack-as-us-offers-10m-reward-for-hackers\/\">hacked FBI Director Kash Patel\u2019s personal email account<\/a>, releasing pictures and emails allegedly taken from the inbox, though authorities said no government information was exposed.<\/p>\n<p>In December 2025, the US government <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.securityweek.com\/us-posts-10-million-bounty-for-iranian-hackers\/\">announced rewards<\/a> of up to $10 million for information on members of the Iranian hacking group known as Emennet Pasargad.<\/p>\n<p>Recent <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.securityweek.com\/iran-readied-cyberattack-capabilities-for-response-prior-to-epic-fury\/\">analysis<\/a> by cybersecurity firm Augur Safety revealed a six-month buildup of Iran-linked cyber infrastructure, including US-based shell companies, designed to weather kinetic strikes and ensure the resilience of its global hacking operations.<\/p>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large is-resized\"><a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.icscybersecurityconference.com\/\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"264\" 
src=\"https:\/\/www.securityweek.com\/wp-content\/uploads\/2026\/04\/ICS-2026-970250-SW-1-1024x264.jpg\" alt=\"\" class=\"wp-image-46003\" style=\"width:500px\" srcset=\"https:\/\/www.securityweek.com\/wp-content\/uploads\/2026\/04\/ICS-2026-970250-SW-1-1024x264.jpg 1024w, https:\/\/www.securityweek.com\/wp-content\/uploads\/2026\/04\/ICS-2026-970250-SW-1-360x93.jpg 360w, https:\/\/www.securityweek.com\/wp-content\/uploads\/2026\/04\/ICS-2026-970250-SW-1-768x198.jpg 768w, https:\/\/www.securityweek.com\/wp-content\/uploads\/2026\/04\/ICS-2026-970250-SW-1.jpg 1455w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\"\/><\/a><\/figure>\n<\/div>\n<p><strong>Related<\/strong>:\u00a0<a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.securityweek.com\/iran-readied-cyberattack-capabilities-for-response-prior-to-epic-fury\/\">Iran Readied Cyberattack Capabilities for Response Prior to Epic Fury<\/a><\/p>\n<p><strong>Related<\/strong>: <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.securityweek.com\/hacked-hospitals-hidden-spyware-iran-conflict-shows-how-digital-fight-is-ingrained-in-warfare\/\">Hacked Hospitals, Hidden Spyware: Iran Conflict Shows How Digital Fight Is Ingrained in Warfare<\/a><\/p>\n<p><strong>Related<\/strong>:\u00a0<a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.securityweek.com\/iran-built-a-vast-camera-network-to-control-dissent-israel-turned-it-into-a-targeting-tool\/\">Iran Built a Vast Camera Network to Control Dissent. Israel Turned It Into a Targeting Tool<\/a>\n\t\t\t<\/p>\n<\/div>\n\n","protected":false},"excerpt":{"rendered":"<p>A number of critical infrastructure organizations in the US have been disrupted by Iran-linked cyberattacks that impacted operational technology (OT) devices, according to an urgent warning from federal agencies on Tuesday. 
In a joint advisory, the FBI, CISA, NSA, EPA, DOE, and United States Cyber Command warned that attacks in recent weeks have targeted [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":13545,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[58],"tags":[145,420,3080,554,1405,7641,8567],"class_list":["post-13543","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-attacks","tag-critical","tag-disrupt","tag-hackers","tag-infrastructure","tag-iranlinked","tag-plc"],"_links":{"self":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts\/13543","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=13543"}],"version-history":[{"count":1,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts\/13543\/revisions"}],"predecessor-version":[{"id":13544,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts\/13543\/revisions\/13544"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/media\/13545"}],"wp:attachment":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=13543"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=13543"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=13543"}],"curies":[{"name":"wp","href":"https:\/\/api.w.or
g\/{rel}","templated":true}]}}