US warns Iranian hackers escalating attacks on OT assets

Targets publicly exposed programmable logic controllers and supervisory control and data acquisition (SCADA) displays

  • FBI, NSA, CISA, EPA, Department of Energy, and US Cyber Command's Cyber National Mission Force claim the actors aim to cause disruptive effects inside the United States.
  • Activity has hit unnamed organisations in government services and facilities, water and wastewater systems, and the energy sector.

US cybersecurity, law enforcement, and intelligence agencies on Tuesday warned that Iran-affiliated hackers are intensifying campaigns against operational technology (OT) in multiple critical infrastructure sectors, targeting publicly exposed programmable logic controllers (PLCs) and supervisory control and data acquisition (SCADA) displays.

According to a joint advisory from the FBI, NSA, CISA, EPA, Department of Energy, and US Cyber Command's Cyber National Mission Force, the actors aim to cause disruptive effects inside the United States.

Officials said some intrusions have already led to operational disruption and financial losses, with attackers manipulating display data, extracting device project files, and interacting with OT assets in ways that can impact real-world processes.

Heightened regional tensions

The activity has hit unnamed organisations in government services and facilities, water and wastewater systems, and the energy sector, underscoring the risks posed by internet-exposed industrial controllers and insufficient segmentation between IT and OT networks, the agencies said.

The alert arrives amid heightened regional tensions. While officials did not link specific incidents to recent military developments, security researchers and federal alerts describe a pattern of Iran-aligned threat activity seeking to exploit readily accessible OT devices for disruptive impact rather than espionage, raising concerns about critical services' resilience to adversary operations.


Agencies urged immediate hardening steps, including removing PLCs and HMIs from direct internet exposure, enforcing multifactor authentication and strong access controls, applying vendor security updates, segmenting networks, enhancing monitoring for unauthorised changes to OT configurations, and developing incident response playbooks tailored to industrial environments.
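Two of those hardening steps, removing OT protocols from internet-facing or IT-side addresses and watching project files for unannounced changes, can be turned into routine checks. The script below is an added example written for this article, not code from the advisory or any agency; the OT port list, the allowed OT subnet, the inventory rows and the project file names are all assumptions constructed for the demonstration.

```python
"""Two of the advisory's hardening steps as running checks (added example).

1. exposed_ot_services(): flag inventory rows where an OT protocol port is
   bound to a publicly routable address or to a non-OT segment.
2. build_baseline()/diff_baseline(): hash PLC/HMI project files so that an
   unannounced change to a controller's configuration is noticed.
Port list, subnets and file names are assumptions, not from the advisory.
"""
import hashlib
import ipaddress
import os
import tempfile

# Common OT/ICS protocol ports (assumption: extend for your vendors).
OT_PORTS = {102: "Siemens S7comm", 502: "Modbus/TCP", 20000: "DNP3",
            44818: "EtherNet/IP", 47808: "BACnet/IP"}

# RFC 1918 space; anything else is treated as reachable from the internet.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Only this segment may carry OT protocols (assumed site layout).
ALLOWED_OT_NETS = [ipaddress.ip_network("10.20.0.0/16")]


def exposed_ot_services(inventory, allowed=ALLOWED_OT_NETS):
    """Return (ip, port, protocol name, reason) for each OT service that is
    either publicly routable or bound outside the allow-listed OT segment."""
    findings = []
    for ip, port in inventory:
        if port not in OT_PORTS:
            continue
        addr = ipaddress.ip_address(ip)
        if not any(addr in net for net in PRIVATE_NETS):
            findings.append((ip, port, OT_PORTS[port], "publicly routable"))
        elif not any(addr in net for net in allowed):
            findings.append((ip, port, OT_PORTS[port], "outside OT segment"))
    return findings


def _sha256(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root):
    """Map every file below root (relative path) to its SHA-256 digest."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            baseline[os.path.relpath(full, root)] = _sha256(full)
    return baseline


def diff_baseline(known_good, current):
    """Files added, removed or modified relative to the known-good snapshot.
    On a PLC project share, any entry that does not match an approved change
    is a trigger for the OT incident response playbook."""
    return {
        "added": sorted(set(current) - set(known_good)),
        "removed": sorted(set(known_good) - set(current)),
        "modified": sorted(p for p in known_good
                           if p in current and known_good[p] != current[p]),
    }


def demo():
    """Run both checks on constructed data and return the results."""
    # Constructed inventory of (listening IP, port); 203.0.113.0/24 is a
    # documentation range standing in for a public address.
    inventory = [("203.0.113.10", 502), ("172.16.5.9", 502),
                 ("10.20.1.5", 102), ("10.20.1.7", 443)]
    exposure = exposed_ot_services(inventory)

    with tempfile.TemporaryDirectory() as share:
        # Constructed project files standing in for a PLC program share.
        os.makedirs(os.path.join(share, "line1"))
        with open(os.path.join(share, "line1", "pump_ctrl.ap16"), "wb") as f:
            f.write(b"OB1: CALL FB_PumpControl\n")
        with open(os.path.join(share, "hmi_screens.xml"), "wb") as f:
            f.write(b"<screen name='Overview'/>\n")
        known_good = build_baseline(share)

        # Simulate an intruder with project-file access altering logic
        # and dropping a new alarm definition.
        with open(os.path.join(share, "line1", "pump_ctrl.ap16"), "ab") as f:
            f.write(b"; setpoint changed\n")
        with open(os.path.join(share, "alarms.xml"), "wb") as f:
            f.write(b"<alarm suppressed='true'/>\n")
        changes = diff_baseline(known_good, build_baseline(share))
    return exposure, changes


if __name__ == "__main__":
    exp, chg = demo()
    for row in exp:
        print("EXPOSED:", row)
    print("CHANGES:", chg)
```

In practice the inventory would come from a scanner or asset register and the known-good baseline from a signed snapshot taken after an approved change; the point of the second check is that project-file extraction or manipulation, which the advisory describes, leaves a hash difference that a scheduled comparison will surface.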
