www.securityweek.com 4/10/2026, 1:11:20 PM

Iran-Linked Hackers Hit US Infrastructure via Rockwell PLCs

The SecurityWeek piece, dated 10 April 2026, reports that the US government warned that Iran-linked hackers are targeting critical infrastructure by manipulating PLCs and OT. Advisories from CISA, the FBI and others note attacks on Rockwell Automation PLCs alongside risks to other vendors.

The breaches disrupted operations and caused financial loss by tampering with HMIs and SCADA systems. Attackers targeted internet-exposed PLCs, using Rockwell’s Studio 5000 Logix Designer to access CompactLogix and Micro850 controllers. Industries cited include government services, water and energy. Experts warn that public exposure of OT devices creates a large attack surface, and the activity has included claims and counterclaims about compromises.

Analysts such as Markus Mueller and Denis Calderone highlight that ports such as 44818 (EtherNet/IP), 102 (S7comm), and 502 (Modbus) are relevant. They stress that PLCs should not be internet-connected and call for network segmentation and stronger OT/IT boundaries. The piece also cautions that threat actors may be in the discovery or initial access phases, and urges steps such as zero trust, MFA, and rigorous monitoring to bolster resilience.

Article by CyberSIXT