Iranian-Actors Targeting PLCs & Critical Infrastructure

Status
Not open for further replies.

loganwest123

Member
Location
Central NC
Occupation
Electrical Engineering
Good morning; if you are not yet aware, please take preventative steps in the coming days, or communicate this with appropriate individuals within your respective domains:

CISA and FBI warn that Iranian-affiliated cyber actors are actively targeting and exploiting internet-exposed Programmable Logic Controllers (PLCs), specifically targeting Rockwell Automation/Allen-Bradley units in US critical infrastructure, such as water, energy, and government facilities. These attacks (since March 2026) cause operational disruptions and data manipulation.

Key Recommendations from Advisory AA26-097A:
  • Remove Public Exposure: Immediately take internet-facing PLCs offline.
  • Secure Access: Utilize secure gateways (jump hosts) for remote access and implement strong authentication, especially on cellular modems.
  • Physical Protection: Set physical PLC mode switches to "Run" mode to prevent remote modification.
  • Review Activity: Check networks for malicious interaction with project files and unauthorized access (Tactics, Techniques, and Procedures - TTPs).
  • Report Incidents: Contact CISA or your local FBI field office.

CISA (.gov)
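
One way to act on the "Remove Public Exposure", "Secure Access" and "Review Activity" items above, as an added example that is not part of the post or of advisory AA26-097A: review firewall connection logs for traffic reaching PLC subnets on EtherNet/IP ports from anywhere other than an approved jump host. The log format, subnets and jump-host address are constructed; ports 44818 and 2222 are the standard EtherNet/IP ports, not values quoted from the advisory.

```python
import ipaddress

# Standard EtherNet/IP ports (assumption, not quoted from the advisory).
ENIP_PORTS = {44818, 2222}
# Hypothetical site inventory: PLC subnets and approved jump hosts.
PLC_NETS = [ipaddress.ip_network("10.20.0.0/24")]
JUMP_HOSTS = {ipaddress.ip_address("10.10.5.10")}
# Address space treated as internal (RFC 1918).
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample log. Format: timestamp src dst dport action
SAMPLE_LOG = """\
2026-04-07T02:14:09Z 203.0.113.45 10.20.0.11 44818 ALLOW
2026-04-07T02:15:30Z 10.10.5.10 10.20.0.11 44818 ALLOW
2026-04-07T03:01:12Z 198.51.100.7 10.20.0.12 44818 DENY
2026-04-07T03:40:00Z 10.30.1.77 10.20.0.11 44818 ALLOW
2026-04-07T04:00:00Z 10.10.5.10 10.20.0.11 443 ALLOW
malformed line
"""

def in_any(addr, nets):
    return any(addr in n for n in nets)

def review(log_text):
    """Return (finding, timestamp, src, dst) for PLC traffic needing review."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines
        ts, src_s, dst_s, port_s, action = parts
        try:
            src, dst = ipaddress.ip_address(src_s), ipaddress.ip_address(dst_s)
            port = int(port_s)
        except ValueError:
            continue
        # Only EtherNet/IP traffic to PLCs that did not come via a jump host.
        if port not in ENIP_PORTS or not in_any(dst, PLC_NETS) or src in JUMP_HOSTS:
            continue
        if not in_any(src, INTERNAL_NETS):
            # External source: ALLOW means the PLC is reachable from outside.
            kind = "EXPOSED" if action == "ALLOW" else "blocked-external"
        elif action == "ALLOW":
            kind = "not-via-jump-host"  # internal host bypassing the gateway
        else:
            continue  # internal attempt already denied
        findings.append((kind, ts, src_s, dst_s))
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(*finding)
```
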
 
Iranians? Tell me it's not so!
Last week it was said to be the Chinese. Then the Russians, then Eastern European hackers. And we all enjoyed the documentary "War Games," where a bored teen accessed NORAD and almost launched nuclear missiles.
If that wasn't enough, Admiral Adama was able to thwart the Cylon attack simply by refusing to network his Battlestar with the rest of the Galactic fleet.
As for the FBI . . . Oh please! I could tell you about their inertia, but I guarantee the story is so outrageous I have trouble believing the tale - and I was there!
 
If the OP is applicable to anyone please take appropriate measures.
 