Federal officials are warning of a new wave of Iran-linked cyberattacks targeting critical U.S. infrastructure, though many details remain unclear. On Tuesday, the Cybersecurity and Infrastructure Security Agency (CISA) issued an alert saying hackers connected to Iran’s Islamic Revolutionary Guard Corps have been conducting operations against water and energy systems, with the apparent goal of causing disruptions inside the United States.
The advisory was described as “vaguely worded” and did not specify which facilities were affected, according to the New York Times. It noted that “in a few cases, this activity has resulted in operational disruption and financial loss,” without providing further details. The alert emphasized the risk to certain hardware, specifically programmable logic controllers made by Rockwell Automation, which are commonly used to operate industrial equipment. Operators were advised to ensure these devices are not accessible from the internet.
The notice did not mention Siemens controllers, which were exploited in the U.S.-Israeli cyberattack on Iran’s nuclear program more than a decade ago—a campaign that reportedly prompted Iran to develop its own offensive cyber units.
While the advisory did not identify a specific hacking group, it referred to “Iranian-affiliated advanced persistent threat actors” and suggested the attacks may be linked to ongoing hostilities, with targeting of U.S. organizations “recently escalat[ing], likely in response to hostilities,” according to Politico.
The alert was jointly issued by CISA, the National Security Agency, the FBI, U.S. Cyber Command, the Department of Energy, the Environmental Protection Agency, and the Cyber National Mission Force.