April 7, ‘26 “Iranian-Affiliated Cyber Actors exploit Programmable LogicControllers Across US Critical Infrastructure”
Federal Bureau of Investigation, Cybersecurity and Infrastructure Security Agency, National Security Agency, Environmental Protection Agency, Department of Energy, United States Cyber Command – Cyber National Mission Force
exec. summary
Iran-affiliated advanced persistent threat (APT) actors are conducting exploitation activity targeting internet-facing operational technology (OT) devices, including programmable logic controllers (PLCs) manufactured by Rockwell Automation/Allen-Bradley
This activity has led to PLC disruptions across several U.S. critical infrastructure sectors through malicious interactions with the project file and manipulation of data on human machine interface (HMI) and supervisory control and data acquisition (SCADA) displays, resulting in operational disruption and financial loss.
U.S. organizations should urgently review the tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) in this advisory for indications of current or historical activity on their networks, and apply the recommendations listed in the Mitigations section of this advisory to reduce the risk of compromise.
full report /link in comments
Alls I'm saying is that it's utterly stupid to have critical infrastructure connected to the internet. That should be handled in-house at the water plants, power plants, nuclear plants and so on, and I am extending my ridicule all the way down to the household level, where anything and everything is being shipped out with a WiFi module in it.
My laundry doesn't need to check the weather, and I don't need an app on my phone to tell me when it's finished washing, or to tell potential burgelers when I'm home washing whites.
thanks for clarification, 100% agree, no need for all that wifi module stuff!
and my based friends’ dogs are good alarms in case of burglars
I'm totally with you on this.