Iranian threat actors are targeting critical infrastructure networks by exploiting internet-exposed programmable logic controllers (PLCs), specifically Rockwell/Allen-Bradley models, according to a joint advisory from US agencies including the FBI and CISA [1]. This targeted campaign involves advanced persistent threat (APT) actors attempting to compromise operational technology (OT) devices. The alert highlights the vulnerability of internet-facing PLCs, which are commonly used in critical infrastructure systems. The shift from financially motivated attacks to state-aligned activity changes the threat model, requiring a different approach to mitigation and response. This geopolitical threat necessitates a proactive and informed defense strategy, as the potential consequences of a successful attack on critical infrastructure could be severe. The involvement of US agencies and the focus on Iranian threat actors underscore the seriousness of the threat, making it essential for practitioners to reassess their security protocols and implement measures to protect against such attacks.
U.S. agencies alert: Iran-linked actors target critical infrastructure PLCs
⚠️ Critical Alert
Why This Matters
State-aligned activity covered by a CISA advisory shifts the threat model from criminal to geopolitical: a different playbook is required.
References
- SecurityAffairs. (2026, April 8). U.S. agencies alert: Iran-linked actors target critical infrastructure PLCs. *SecurityAffairs*. https://securityaffairs.com/190485/apt/u-s-agencies-alert-iran-linked-actors-target-critical-infrastructure-plcs.html