World April 7, 2026

U.S. agencies warn of rising Iranian cyber activity against critical infrastructure amid hostilities

Advisory says attackers have focused on exposed PLCs and SCADA displays used across government services, water and energy systems

By Nina Shah

U.S. cybersecurity, intelligence and law enforcement agencies issued a joint advisory saying Iranian-affiliated hacking operations have intensified in response to ongoing hostilities. The campaigns have targeted publicly exposed programmable logic controllers and supervisory control and data acquisition displays that interface with critical infrastructure equipment, with some incidents producing operational disruptions and financial losses.

Key Points

  • U.S. agencies report escalation of Iranian-directed cyber operations in response to hostilities, focused on publicly exposed PLCs and SCADA displays.
  • Targeted sectors include government services and facilities, water and wastewater systems, and the energy sector - areas where operational disruption can have broader service and market effects.
  • The advisory states that in some incidents attackers altered display data and exfiltrated device project files, and that a few intrusions resulted in operational disruption and financial loss.

Summary

U.S. agencies report an uptick in Iranian-directed cyber activity aimed at devices that interact with or control critical infrastructure systems. The campaigns have targeted publicly reachable programmable logic controllers (PLCs) and supervisory control and data acquisition (SCADA) displays, and in certain instances have caused disruptions and monetary harm.


Details of the advisory

On Tuesday, multiple U.S. federal entities released a joint advisory describing a pattern of intrusions directed at equipment used across a range of critical infrastructure sectors. The advisory states that the attackers have sought to access PLCs and SCADA displays that are publicly exposed on the internet - the types of devices operators use to monitor and control infrastructure components.

The agencies said the threat actors are pursuing actions intended to produce "disruptive effects within the United States." The advisory notes that in a few cases the activity has led to operational disruption and financial loss.


Observed attacker behaviors

According to the advisory, in some incidents the intruders interacted with system data files to change what is shown on control displays, and also extracted device project data. The advisory identifies targeted organizations only by sector, naming government services and facilities, water and wastewater systems, and energy as affected areas.


Agencies involved and response

The advisory was published jointly by the Federal Bureau of Investigation, the National Security Agency, the Cybersecurity and Infrastructure Security Agency, the Environmental Protection Agency, the Department of Energy and U.S. Cyber Command's Cyber National Mission Force. The FBI declined to provide any additional comment beyond the advisory.

The warning was issued amid heightened rhetoric between the United States and Iran. The advisory followed public statements including a warning by President Donald Trump that "a whole civilization will die tonight" if Iran fails to reach a deal with the U.S., and comments from Iran that it would target additional infrastructure across neighboring Gulf states.


Context and implications

The advisory makes clear the attackers are focusing on operational technology components that bridge digital networks and physical infrastructure. By targeting PLCs and SCADA displays, the intrusions are aimed at elements that can influence the operation and monitoring of systems in government, water and energy sectors. The advisory links the recent increase in activity to hostilities but does not provide additional attribution detail beyond its characterization of the campaigns.

Risks

  • Operational disruption to government services, water systems, and energy infrastructure - outages or degraded service could affect service providers and dependent markets.
  • Financial loss resulting from disruptive cyber incidents - organizations in the targeted sectors may incur remediation, recovery and potential revenue impact.
  • Exposure of publicly reachable PLCs and SCADA displays - continued availability of vulnerable devices increases the risk of additional intrusions against critical infrastructure sectors.
