Iranian-Affiliated Cyber Actors Exploit Programmable Logic Controllers Across US Critical Infrastructure
ID: 7c8faaae-1d3f-50f6-8209-fb9aca0d6891
STIX ID: report--7c8faaae-1d3f-50f6-8209-fb9aca0d6891
Feed Name: CISA Cybersecurity Advisories
U.S. authoring agencies (FBI, CISA, NSA, DOE, EPA, USCYBERCOM) warn that Iranian-affiliated APT actors have exploited internet-accessible PLCs, particularly Rockwell Automation/Allen-Bradley devices, to extract project files and manipulate HMI/SCADA displays across multiple critical infrastructure sectors (Government, Water/Wastewater, Energy), causing operational disruption and financial loss. The advisory includes IOCs (notably several overseas IPs), targeted ports, MITRE ATT&CK mappings, and urgent mitigations such as removing PLCs from direct internet exposure, enforcing MFA/gateways, applying patches, and validating backups.
