Iranian-Affiliated Cyber Actors Exploit PLCs Across US Critical Infrastructure (cisa.gov)

U.S. agencies warn that Iranian-affiliated actors are exploiting internet-exposed operational technology devices, including Rockwell Automation/Allen-Bradley PLCs, to disrupt operations. The activity involves manipulating PLC project files and altering data shown on HMI/SCADA displays, leading to operational disruptions and in some cases financial loss across sectors such as government services, water and wastewater, and energy. CISA advises organizations to remove PLCs from direct internet access, review related indicators of compromise, and monitor specific OT-related ports and overseas-origin traffic.