Iranian state-sponsored hackers have been compromising internet-exposed programmable logic controllers (PLCs) in US critical infrastructure, resulting in disrupted operations and financial losses. The attackers have managed to manipulate display data and reduce PLC functionality, highlighting the exposure of operational technology (OT) devices. These incidents demonstrate the growing threat to critical infrastructure from nation-state actors, who are increasingly targeting OT devices to cause physical disruptions. Internet-facing OT devices create an attack surface that sophisticated threat actors can exploit. That these attacks succeeded in causing operational disruptions and financial losses underscores the need for critical infrastructure operators to prioritize the security of their OT systems. This matters to security practitioners because it highlights the importance of securing OT devices and networks, in particular removing them from direct internet exposure, to prevent similar attacks, which can have significant consequences for critical infrastructure and the economy.