{"id":9156,"date":"2026-04-07T20:47:56","date_gmt":"2026-04-07T20:47:56","guid":{"rendered":"https:\/\/sawahsolutions.com\/range\/pro-iran-hackers-have-disrupted-some-industrial-control-systems-us-says\/"},"modified":"2026-04-07T20:47:57","modified_gmt":"2026-04-07T20:47:57","slug":"pro-iran-hackers-have-disrupted-some-industrial-control-systems-us-says","status":"publish","type":"post","link":"https:\/\/sawahsolutions.com\/range\/pro-iran-hackers-have-disrupted-some-industrial-control-systems-us-says\/","title":{"rendered":"Pro-Iran hackers have disrupted some industrial-control systems, US says"},"content":{"rendered":"<div>\n<p>Iran-aligned hackers have exploited and disrupted operational technology control systems embedded in U.S. critical infrastructure, according to a federal\u00a0advisory issued Tuesday.<\/p>\n<p>\u201cThe authoring agencies assess a group of Iranian-affiliated advanced persistent threat (APT) actors is conducting this activity to cause disruptive effects within the United States.\u201d the advisory reads. \u201cThe group has targeted devices spanning multiple U.S. critical infrastructure sectors, including Government Services and Facilities (to include local municipalities), Water and Wastewater Systems (WWS), and Energy Sectors.\u201d<\/p>\n<p>The\u00a0assessment\u00a0was signed by the Cybersecurity and Infrastructure Security Agency, FBI, NSA, EPA, the Department of Energy, and U.S. Cyber Command\u2019s Cyber National Mission Force.<\/p>\n<p>It says hackers are especially targeting Rockwell Automation&#8217;s\u00a0Allen-Bradley line of programmable logic controllers, or PLCs, which monitor and automate the equipment used in\u00a0industrial processes such as water treatment, power generation,\u00a0and manufacturing.<\/p>\n<p>It says that the hackers have\u00a0manipulated\u00a0data on human-machine interfaces and on supervisory control and data acquisition, or SCADA, displays, and had harmful interactions with project files.<\/p>\n<p>The advisory is the latest signal that Iran-aligned hacker groups have impeded U.S. systems since the United States and Israel went to war against Iran on Feb. 28.\u00a0<\/p>\n<p>It comes after an apparent Tehran-backed hacker group carried out a cyberattack against medical technology giant Stryker last month, which wiped employees\u2019 phones and prevented workers from accessing their computers.<\/p>\n<p>A request for comment sent to Rockwell Automation\u2019s media relations email bounced back.<\/p>\n<p>Pro-Iran hackers have made a habit of targeting any computer systems tied to nations deemed foreign adversaries by Tehran, especially the U.S. and Israel. In late 2023, amid the Israel-Hamas war, one hacker group defaced the interfaces of water treatment systems in Pennsylvania, which had Israel-made Unitronics equipment built inside.<\/p>\n<p>In 2020, Rockwell Automation acquired Israel-based Avnet Data Security, aiming to bolster the cyber posture of its industrial control systems and operational technology.<\/p>\n<p>The assessment urged organizations to keep PLCs off the open internet, review logs for suspicious activity and lock down affected Rockwell devices to prevent unauthorized access. Unsecured internet-connected operational technology can expose industrial systems to remote access, giving attackers a pathway to disrupt or manipulate functions.<\/p>\n<p>The Iran war has been widely expected to test the strength of U.S. cyberdefenses, and experts have warned that exposed devices would be a potential target for pro-Iran hackers.<\/p>\n<p>President Donald Trump escalated his threats against Tehran on Tuesday, saying a \u201cwhole civilization will die tonight\u201d if Iran doesn\u2019t open the Strait of Hormuz by an 8 p.m. ET deadline.\u00a0<\/p>\n<p>Trump has promised to attack \u201cevery bridge\u201d and power station in the country if a deal isn\u2019t reached. Iran has promised a \u201cdevastating\u201d response if such an attack occurs. Any sharp escalation could heighten the risk of retaliatory cyberattacks.<svg class=\"content-tombstone\">\n<use xlink:href=\"http:\/\/www.defenseone.com\/static\/base\/svg\/spritesheet.svg#icon-d1-logo-tiny\"\/>\n<\/svg><\/p>\n<\/div>\n<p><script>\n!function(f,b,e,v,n,t,s)\n{if(f.fbq)return;n=f.fbq=function(){n.callMethod?\nn.callMethod.apply(n,arguments):n.queue.push(arguments)};\nif(!f._fbq)f._fbq=n;n.push=n;n.loaded=!0;n.version='2.0';\nn.queue=[];t=b.createElement(e);t.async=!0;\nt.src=v;s=b.getElementsByTagName(e)[0];\ns.parentNode.insertBefore(t,s)}(window,document,'script',\n'https:\/\/connect.facebook.net\/en_US\/fbevents.js');\nfbq('init', '10155007044873614'); \nfbq('track', 'PageView');\n<\/script><script>\n  window.fbAsyncInit = function() {\n    FB.init({\n      appId      : '1546266055584988',\n      autoLogAppEvents : true,\n      xfbml      : true,\n      version    : 'v2.11'\n    });\n  };\n  (function(d, s, id){\n     var js, fjs = d.getElementsByTagName(s)[0];\n     if (d.getElementById(id)) {return;}\n     js = d.createElement(s); js.id = id;\n     js.src = \"https:\/\/connect.facebook.net\/en_US\/sdk.js\";\n     fjs.parentNode.insertBefore(js, fjs);\n   }(document, 'script', 'facebook-jssdk'));\n<\/script><br \/>\n<br \/>Read the full article <a href=\"https:\/\/www.defenseone.com\/threats\/2026\/04\/pro-iran-hackers-have-disrupted-some-industrial-control-systems-us-says\/412684\/\" target=\"_blank\" rel=\"nofollow noopener\">here<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Iran-aligned hackers have exploited and disrupted operational technology control systems embedded in U.S. critical infrastructure, according to a federal\u00a0advisory issued Tuesday. \u201cThe authoring agencies assess a group of Iranian-affiliated advanced persistent threat (APT) actors is conducting this activity to cause disruptive effects within the United States.\u201d the advisory reads. \u201cThe group has targeted devices spanning<\/p>\n","protected":false},"author":1,"featured_media":9157,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/cdn.defenseone.com\/media\/img\/cd\/2026\/04\/07\/040726IranNG_1\/open-graph.jpg","fifu_image_alt":"","footnotes":""},"categories":[31],"tags":[],"class_list":["post-9156","post","type-post","status-publish","format-standard","has-post-thumbnail","category-defense"],"_links":{"self":[{"href":"https:\/\/sawahsolutions.com\/range\/wp-json\/wp\/v2\/posts\/9156","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sawahsolutions.com\/range\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sawahsolutions.com\/range\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sawahsolutions.com\/range\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/sawahsolutions.com\/range\/wp-json\/wp\/v2\/comments?post=9156"}],"version-history":[{"count":1,"href":"https:\/\/sawahsolutions.com\/range\/wp-json\/wp\/v2\/posts\/9156\/revisions"}],"predecessor-version":[{"id":9158,"href":"https:\/\/sawahsolutions.com\/range\/wp-json\/wp\/v2\/posts\/9156\/revisions\/9158"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sawahsolutions.com\/range\/wp-json\/wp\/v2\/media\/9157"}],"wp:attachment":[{"href":"https:\/\/sawahsolutions.com\/range\/wp-json\/wp\/v2\/media?parent=9156"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sawahsolutions.com\/range\/wp-json\/wp\/v2\/categories?post=9156"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sawahsolutions.com\/range\/wp-json\/wp\/v2\/tags?post=9156"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}