FBI Warns Of Iran Linked Cyberattacks Targeting Critical Infrastructure OT Devices

A coordinated cyber campaign linked to Iran is actively targeting critical infrastructure in the United States by exploiting vulnerabilities in operational technology (OT) systems, according to a joint advisory issued by the Federal Bureau of Investigation, the Cybersecurity and Infrastructure Security Agency, and the National Security Agency. The advisory highlights ongoing exploitation activity aimed at internet-facing OT devices, signaling continued risk to industrial environments that rely on connected control systems.

The agencies reported that the threat actors, identified as Iran-linked advanced persistent threat groups, are focusing on devices manufactured by Rockwell Automation. Among the primary targets are programmable logic controllers (PLCs) produced under the Allen-Bradley line, which is owned by Rockwell Automation. These controllers play a critical role in managing industrial processes across sectors such as energy, manufacturing, and utilities. By targeting such systems, attackers are attempting to disrupt operations at a foundational level, increasing the potential impact of their activities.

According to the advisory, the cyber incidents have already resulted in disruptions to PLC operations across multiple critical infrastructure sectors in the United States. The attackers have engaged in malicious interactions with project files and have manipulated system data, actions that have led to operational interruptions and financial losses for affected organizations. The exploitation of internet-accessible OT devices underscores ongoing concerns about insufficient segmentation between IT and OT environments, as well as the risks of exposing industrial control systems to external networks.

In response to the advisory, Rockwell Automation stated that it is taking the matter seriously and is working closely with government agencies following the release of the joint cybersecurity notice. The company also referenced its own security advisories, including guidance issued on March 20 that recommends disconnecting devices from the internet where possible to reduce exposure. The situation reflects broader challenges in securing industrial control systems, where legacy infrastructure and increasing connectivity continue to expand the attack surface available to threat actors targeting essential services.
