Iran-linked hackers disrupt operations at US critical infrastructure sites

Iran-linked hackers are disrupting operations at US critical infrastructure sites, targeting programmable logic controllers (PLCs) in various sectors like government services, waste water systems, and energy. The attacks have caused operational disruption and financial loss since at least March 2026. The hackers are focusing on PLCs made by Rockwell Automation/Allen-Bradley, with thousands of exposed devices identified in the US. The attacks are facilitated through a Windows engineering workstation running the Rockwell tool chain, posing a significant threat to industrial settings. Multiple government agencies have issued an urgent warning about this advanced persistent threat group's activities.