Thousands of US Industrial Devices Vulnerable to Iranian Cyber Threats
US Industrial Devices Exposed to Iranian Cyberattacks Result in Disruptions and Financial Losses
A recent spate of cyberattacks attributed to Iranian state-sponsored hacking groups has targeted thousands of US industrial devices, resulting in operational disruptions and significant financial losses.
The Attack Surface
The attack surface targeted by the hackers includes over 4,000 programmable logic controllers (PLCs) manufactured by Rockwell Automation, which were exposed to the internet and vulnerable to exploitation.
“According to a joint advisory issued by multiple US federal agencies, the Iranian-affiliated Advanced Persistent Threat (APT) groups have been targeting Rockwell Automation/Allen-Bradley PLC devices since March 2026, causing operational disruptions and financial losses.” – Joint Advisory
The Impact
The FBI identified that this activity resulted in the extraction of the device’s project file and data manipulation on Human-Machine Interface (HMI) and Supervisory Control and Data Acquisition (SCADA) displays.
The Pattern of Escalation
The attacks follow a pattern of escalation, with Iranian-affiliated APT groups targeting US organizations in response to hostilities between Iran and the United States and Israel.
Defending Against These Attacks
- Secure PLCs using a firewall or disconnect them from the internet.
- Scan logs for signs of malicious activity and check for suspicious traffic on OT ports, particularly when it originates from overseas hosting providers.
- Enforce multifactor authentication (MFA) for access to OT networks.
- Keep all PLC devices up to date.
- Disable unused services and authentication methods.
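The log-review step above is the one that is easiest to get concretely wrong, so here is an added example of what "check for suspicious traffic on OT ports from outside the plant" looks like in code. This is not code from the advisory or from Rockwell; it assumes a key=value flow-log format of my own design, treats the RFC 1918 ranges as the plant's local address space, and uses the EtherNet/IP (CIP) ports that Rockwell/Allen-Bradley PLCs listen on (TCP/UDP 44818 for explicit messaging, UDP 2222 for implicit I/O). The sample log lines are constructed.

```python
"""Flag connections to PLC (EtherNet/IP) ports that originate outside the plant network.

Added example for the advisory's log-review step; the log format, address plan
and sample records are all assumptions, not material from the advisory.
"""
import ipaddress
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List

# EtherNet/IP (CIP) ports used by Rockwell/Allen-Bradley controllers (ODVA standard):
# 44818 = explicit messaging (TCP and UDP), 2222 = implicit I/O (UDP).
OT_PORTS = {44818, 2222}

# Address space treated as "inside the plant". Assumed here; adjust to the real OT VLANs.
LOCAL_NETS = [ipaddress.ip_network(n)
              for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass
class Flow:
    ts: str
    src: str
    dst: str
    proto: str
    dport: int
    action: str


def parse_line(line: str) -> Flow:
    """Parse one record of the assumed key=value flow-log format."""
    fields = dict(kv.split("=", 1) for kv in line.split())
    return Flow(fields["ts"], fields["src"], fields["dst"],
                fields["proto"].lower(), int(fields["dport"]), fields["action"].upper())


def is_local(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in LOCAL_NETS)


def suspicious_ot_flows(lines: Iterable[str]) -> List[Flow]:
    """Return flows from a non-local source to a local host on a PLC port.

    Dropped flows are kept too: a blocked probe of 44818 from the internet is
    still evidence that the PLC range is being enumerated.
    """
    hits = []
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        flow = parse_line(line)
        if flow.dport in OT_PORTS and not is_local(flow.src) and is_local(flow.dst):
            hits.append(flow)
    return hits


def summarize(hits: Iterable[Flow]) -> Dict[str, Dict[str, int]]:
    """Per external source: how many distinct PLCs it touched and how many flows got through."""
    targets = defaultdict(set)
    accepted = defaultdict(int)
    for h in hits:
        targets[h.src].add(h.dst)
        if h.action == "ACCEPT":
            accepted[h.src] += 1
    return {src: {"targets": len(dsts), "accepted": accepted[src]}
            for src, dsts in targets.items()}


# Constructed sample log (TEST-NET addresses for the external sources), not real traffic.
SAMPLE_LOG = """\
# constructed sample flow log
ts=2026-04-02T01:12:03Z src=203.0.113.45 dst=192.168.10.21 proto=tcp dport=44818 action=ACCEPT
ts=2026-04-02T01:12:04Z src=203.0.113.45 dst=192.168.10.22 proto=tcp dport=44818 action=ACCEPT
ts=2026-04-02T01:12:09Z src=203.0.113.45 dst=192.168.10.23 proto=udp dport=2222 action=DROP
ts=2026-04-02T01:13:00Z src=192.168.10.5 dst=192.168.10.21 proto=tcp dport=44818 action=ACCEPT
ts=2026-04-02T01:14:30Z src=198.51.100.9 dst=192.168.10.21 proto=tcp dport=443 action=ACCEPT
ts=2026-04-02T01:15:00Z src=10.20.0.7 dst=192.168.10.22 proto=tcp dport=44818 action=ACCEPT
"""

if __name__ == "__main__":
    hits = suspicious_ot_flows(SAMPLE_LOG.splitlines())
    for h in hits:
        print(f"{h.ts} {h.src} -> {h.dst}:{h.dport}/{h.proto} {h.action}")
    for src, stats in summarize(hits).items():
        print(f"{src}: {stats['targets']} PLC(s) touched, {stats['accepted']} flow(s) accepted")
```

The two things worth taking from this beyond the bullet itself: the engineering-workstation traffic on 44818 from inside the plant is deliberately not flagged (that is normal Studio 5000 / HMI polling), and blocked probes are reported alongside accepted ones, because an external host sweeping several PLC addresses is the pattern to escalate on even when the firewall held. Feeding the real log format in only requires replacing `parse_line`.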
A History of Similar Attacks
This ongoing campaign follows similar attacks from nearly three years ago, when a threat group affiliated with the Iranian Government’s Islamic Revolutionary Guard Corps (IRGC) and tracked as CyberAv3ngers targeted vulnerabilities in US-based Unitronics operational technology (OT) systems.
Recent Developments
More recently, the Handala hacktivist group, linked to Iran’s Ministry of Intelligence and Security, wiped approximately 80,000 devices from the network of US medical giant Stryker, including employees’ mobile devices and company-managed personal computers.
The US Government Response
The US government has urged organizations to take immediate action to protect themselves against these threats, emphasizing the importance of securing PLCs and implementing robust security measures to prevent further disruptions and financial losses.
