{"id":15262,"date":"2026-04-09T01:29:23","date_gmt":"2026-04-09T01:29:23","guid":{"rendered":"https:\/\/www.europesays.com\/news\/15262\/"},"modified":"2026-04-09T01:29:23","modified_gmt":"2026-04-09T01:29:23","slug":"iran-linked-hackers-are-sabotaging-us-energy-and-water-infrastructure","status":"publish","type":"post","link":"https:\/\/www.europesays.com\/news\/15262\/","title":{"rendered":"Iran-Linked Hackers Are Sabotaging US Energy and Water Infrastructure"},"content":{"rendered":"<p>As US President <a href=\"https:\/\/www.wired.com\/tag\/donald-trump\" class=\"text link\" rel=\"nofollow noopener\" target=\"_blank\">Donald Trump<\/a> threatens wholesale demolition of Iran&#8217;s infrastructure in the midst of an escalating war, <a href=\"https:\/\/www.wired.com\/tag\/iran\/\" class=\"text link\" rel=\"nofollow noopener\" target=\"_blank\">Iran<\/a> now appears to have already reciprocated with its own form of infrastructure sabotage: A hacking campaign hitting industrial control systems across the United States, including energy and water utilities, that US agencies say has had disruptive and costly effects.<\/p>\n<p class=\"paywall\">In a <a data-offer-url=\"https:\/\/www.cisa.gov\/news-events\/cybersecurity-advisories\/aa26-097a\" class=\"external-link text link\" data-event-click=\"{&quot;element&quot;:&quot;ExternalLink&quot;,&quot;outgoingURL&quot;:&quot;https:\/\/www.cisa.gov\/news-events\/cybersecurity-advisories\/aa26-097a&quot;}\" href=\"https:\/\/www.cisa.gov\/news-events\/cybersecurity-advisories\/aa26-097a\" rel=\"nofollow noopener\" target=\"_blank\">joint advisory<\/a> published Tuesday, a group of US agencies including the FBI, the National Security Agency, the Department of Energy, and the Cybersecurity and Infrastructure Security Agency warned that a group of hackers affiliated with the Iranian government has targeted industrial control devices used in a series of critical infrastructure targets including in the energy sector, water and wastewater utilities, and unspecified \u201cgovernment facilities.\u201d According to the agencies, the hackers have targeted programmable logic controllers (PLCs)\u2014a type of device designed to allow digital control of physical machinery\u2014in those facilities, including those sold by industrial tech firm Rockwell Automation, with the apparent intention of sabotaging their systems.<\/p>\n<p class=\"paywall\">By compromising those PLCs, the advisory warns, the hackers sought to change information on the displays of industrial control systems, which can in some scenarios cause system downtime, damage, or even dangerous conditions. \u201cIn a few cases, this activity has resulted in operational disruption and financial loss,\u201d it reads, though it offers no details about the severity of those effects.<\/p>\n<p class=\"paywall\">\u201cIt\u2019s well documented that Iranian actors target industrial control systems and see them as a nexus to apply pressure,\u201d says Rob Lee, the co-founder and CEO of Dragos, a cybersecurity firm that focuses on industrial control systems, who says that his firm has responded to multiple incidents targeting industrial systems since the war against Iran began last month. \u201cWe have seen both state and non-state actors in Iran pose real risk and show willingness to hurt people through compromising these systems. I fully expect them to keep up the pressure and target those sites they can get access to.\u201d<\/p>\n<p class=\"paywall\">When WIRED reached out to Rockwell Automation, a company spokesperson responded in a statement that it \u201ctakes seriously the security of its products and solutions and has been closely coordinating with government agencies in connection with\u201d Tuesday&#8217;s advisory, and pointed to <a data-offer-url=\"https:\/\/www.rockwellautomation.com\/en-us\/trust-center\/security-advisories\/advisory.SD1771.html\" class=\"external-link text link\" data-event-click=\"{&quot;element&quot;:&quot;ExternalLink&quot;,&quot;outgoingURL&quot;:&quot;https:\/\/www.rockwellautomation.com\/en-us\/trust-center\/security-advisories\/advisory.SD1771.html&quot;}\" href=\"https:\/\/www.rockwellautomation.com\/en-us\/trust-center\/security-advisories\/advisory.SD1771.html\" rel=\"nofollow noopener\" target=\"_blank\">documents<\/a> it has <a data-offer-url=\"https:\/\/www.rockwellautomation.com\/en-fi\/trust-center\/security-advisories\/advisory.PN1550.html\" class=\"external-link text link\" data-event-click=\"{&quot;element&quot;:&quot;ExternalLink&quot;,&quot;outgoingURL&quot;:&quot;https:\/\/www.rockwellautomation.com\/en-fi\/trust-center\/security-advisories\/advisory.PN1550.html&quot;}\" href=\"https:\/\/www.rockwellautomation.com\/en-fi\/trust-center\/security-advisories\/advisory.PN1550.html\" rel=\"nofollow noopener\" target=\"_blank\">published<\/a> for customers on how to better secure their PLCs.<\/p>\n<p class=\"paywall\">Though the advisory doesn\u2019t specify a particular group responsible for the hacking campaign, it notes that the attacks are similar to those carried out in by the Iran-linked group <a href=\"https:\/\/www.wired.com\/story\/cyberav3ngers-iran-hacking-water-and-gas-industrial-systems\/\" target=\"_blank\" class=\"text link\" rel=\"nofollow noopener\">known as CyberAv3ngers<\/a>, or the Shahid Kaveh Group, starting in late 2023. That team of hackers, believed to work in the service of the Iranian Revolutionary Guard Corps, inflicted several waves of attacks against Israeli and US targets in recent years, including gaining access to more than a hundred devices sold by industrial control system technology firm Unitronics and most commonly used in water and wastewater utilities.<\/p>\n<p class=\"paywall\">In that hacking campaign, CyberAv3ngers set the names of the Unitronics devices to read \u201cGaza\u201d\u2014in a reference to Israel\u2019s invasion of the territory in retaliation for Hamas\u2019s October 7 attacks\u2014and changed the devices\u2019 displays to show an image of the CyberAv3ngers logo. Despite the initial appearance of mere vandalism, industrial cybersecurity firms that tracked the attacks, including Dragos and Claroty, told WIRED that the hackers corrupted the Unitronics\u2019 devices\u2019 code deeply enough to disrupt services in water utility networks from Israel to Ireland to a Pittsburgh, Pennsylvania, facility in the US.<\/p>\n<p class=\"paywall\">\u201cThe Unitronics attacks demonstrated the IRGC does have industrial control systems hacking capabilities,\u201d says Grant Geyer, Claroty\u2019s chief strategy officer. \u201cIf you look at the IRGC playbook, they know they can&#8217;t compete on the traditional military field. So they attempt to cause disruption within the cyber domain using asymmetric warfare techniques.\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"As US President Donald Trump threatens wholesale demolition of Iran&#8217;s infrastructure in the midst of an escalating war,&hellip;\n","protected":false},"author":2,"featured_media":15263,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[9605,572,9917,38,3414,9762,8,19,37,2000,9,7,36],"class_list":{"0":"post-15262","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-top-stories","8":"tag-critical-infrastructure","9":"tag-cybersecurity","10":"tag-cyberwar","11":"tag-donald-trump","12":"tag-hacking","13":"tag-hacks","14":"tag-headlines","15":"tag-iran","16":"tag-israel","17":"tag-national-security","18":"tag-news","19":"tag-top-stories","20":"tag-war"},"share_on_mastodon":{"url":"https:\/\/pubeurope.com\/@news\/116372161337108472","error":""},"_links":{"self":[{"href":"https:\/\/www.europesays.com\/news\/wp-json\/wp\/v2\/posts\/15262","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.europesays.com\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.europesays.com\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/news\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/news\/wp-json\/wp\/v2\/comments?post=15262"}],"version-history":[{"count":0,"href":"https:\/\/www.europesays.com\/news\/wp-json\/wp\/v2\/posts\/15262\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/news\/wp-json\/wp\/v2\/media\/15263"}],"wp:attachment":[{"href":"https:\/\/www.europesays.com\/news\/wp-json\/wp\/v2\/media?parent=15262"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.europesays.com\/news\/wp-json\/wp\/v2\/categories?post=15262"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.europesays.com\/news\/wp-json\/wp\/v2\/tags?post=15262"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}