Skip to main content
System Status
Critical 10
|
High 38
|
Medium 1
|
Feed Online
UPDATED: 2026-06-11 00:00 UTC

Iranian APT Groups Escalate Attacks on Internet-Exposed PLCs: Water, Energy and Government Under Threat

Since March 2026, Iranian-affiliated APT actors have been conducting disruptive attacks on internet-exposed programmable logic controllers across US critical infrastructure — particularly water/wastewater, energy, and government services. A joint advisory from CISA, FBI, NSA and US Cyber Command details the campaign and recommended mitigations.

Default Credentials, Internet-Exposed PLCs, and the Unsophisticated Actor Problem

CISA's April 2026 joint advisory warns of Iranian-affiliated actors targeting internet-facing PLCs with basic techniques. The Poland energy attack demonstrated the real-world consequences. This analysis covers the threat, affected protocols, and what operators must do now.