Federal agencies including the Cybersecurity and Infrastructure Security Agency, the FBI, the National Security Agency, the Energy Department, and U.S. Cyber Command issued a joint advisory on Tuesday about Iranian hackers breaking into U.S. industrial control systems. The hackers are compromising internet-facing tools from Rockwell Automation, a Milwaukee-based company, leading to disruptions in critical infrastructure sectors. These breaches affect everyday Americans by potentially interrupting water supplies and energy services, which could disrupt daily routines and pose risks to public safety.
The advisory specifies that hackers targeted Rockwell’s Studio 5000 Logix Designer, a program used to control industrial systems, resulting in operational disruptions and financial losses for victims. At least one previous attack involved hackers using the pseudonym CyberAv3nger, who compromised at least 75 devices in U.S. water and wastewater systems in late 2023. These intrusions highlight how such hacks could leave households without reliable drinking water or power, directly threatening personal and community well-being.
Iran-affiliated advanced persistent threat actors have targeted government services, water and wastewater operations, and the energy sector. According to the advisory, the hackers aim to disrupt American infrastructure, with effects noted across several critical areas. Such attacks could mean blackouts or contaminated water for millions, underscoring the vulnerability of essential services that people rely on for health and daily life.
The U.S. has accused hackers linked to the Islamic Revolutionary Guard Corps of similar tactics in late 2023, targeting water systems without causing major damage. Iran has claimed only one significant cyberattack on a U.S. company, Stryker, a Michigan-based medical tech firm, since the conflict began. These incidents show a pattern of cyber threats that could escalate, affecting jobs and economic stability in affected industries.
The agencies advise taking vulnerable internet-connected controllers offline to prevent further breaches by the hackers. This step targets the specific methods used by Iran-affiliated actors to gain access. Implementing these measures could help safeguard personal data and infrastructure, reducing the risk of disruptions that impact family finances and safety in the long term.
The sources also report that the hackers, linked to the Islamic Revolutionary Guard Corps, used the pseudonym 'CyberAv3nger' and broke into at least 75 devices in those attacks.