ACCORDING to the advisory issued by the FBI, CISA, NSA, EPA, DOE and United States Cyber Command, Iranian-linked threat actors are actively targeting internet-exposed programmable logic controllers (PLCs) across multiple U.S. critical infrastructure sectors, with disruptions arising from manipulated project files and altered data displayed on HMI and SCADA systems. The agencies warn that PLCs from Rockwell Automation/Allen-Bradley are particularly at risk, though other vendors may also be affected.
The campaign has disrupted operations in Government Services and Facilities, Water and Wastewater Systems, and Energy Sectors, underscoring a broad OT targeting pattern. The report notes that activity shares similarities with operations attributed to CyberAv3ngers, a group linked to Iran’s Islamic Revolutionary Guard Corps (IRGC), which has previously targeted ICS in U.S. infrastructure.
OpenAI separately said CyberAv3ngers used ChatGPT to aid ICS reconnaissance and exploitation, illustrating the evolving toolkit used by Iran-linked actors in this space.