
Iranian hackers are responding to the recent Iran-U.S. war with cyber attacks on critical American infrastructure, using vulnerabilities in systems used at water and energy companies, the U.S. has warned. The warning, released by the Cybersecurity and Infrastructure Security Agency this week, suggests that the Iranian attacks are focused on “internet-facing operational technology,” specifically programmable logic controllers, which allow them to gain a foothold and to cause disruption.
CISA is now advising affected organizations to “urgently review” the guidance and to remove potentially exploitable controllers, specifically those made by Rockwell Automation and Allen-Bradley, from “direct internet exposure” using secure gateways and firewalls. The guidance also recommends auditing access logs for suspicious traffic across several ports, particularly 44818, 2222, 102, and 502.
The threat is serious enough that several U.S. agencies, including the FBI and NSA, are warning that organizations involved in critical infrastructure are at real risk. It’s no coincidence that the alert follows recent U.S. and Israeli military action against Iran, which in response has placed IT companies in the region in its crosshairs, from direct strikes on Oracle and Amazon data centers to further threats to attack 14 other U.S. companies like Microsoft, Apple, and Google across the Middle East.
The April 7, 2026 CISA guidance lists the “widespread use” of these programmable logic controllers in several critical industries as a direct threat. The report notes that “malicious interactions” have, in some instances, caused “the manipulation of data” which, “in a few cases” has led to operational downtime and financial loss.
While CISA doesn’t mention a specific hacking group, it has previously issued warnings about CyberAv3ngers, a group affiliated with Iran’s hardline Islamic Revolutionary Guard Corps, which it reported using similar exploits in 2024. Several sectors vital to the U.S. economy, including water, energy, and local municipal services, are considered at risk.
The guidance lists several IP addresses, collated by the FBI, that are believed to have been used by the group over different time periods, up to and including March 2026. Several attack vectors, including Rockwell Automation’s programming software Studio 5000 Logix Designer, are mentioned, along with common access ports and remote access tools that it has seen deployed on vulnerable devices, including Dropbear SSH software using port 22.
The advice for organizations that could be at risk is simple: double-check your logs and protect your devices. Among the “immediate steps” it recommends to stop future attacks are limiting public-facing internet access to any vulnerable hardware and using physical switch modes that limit programming or remote access on any PLCs that have the functionality.
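The log audit described above can be sketched as follows. This is an added example, not code from CISA or from the original article: it flags accepted connections from outside the site to internal hosts on the ports the article names. The log line format, the internal address ranges, the sample entries, and the function names are all constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Ports named in the article: the four OT ports, plus 22 (Dropbear SSH).
WATCHED_PORTS = {44818, 2222, 102, 502, 22}

# Assumption: the site's internal address space. Replace with your own ranges.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Assumption: a simple key=value firewall log layout, constructed for this example.
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<action>ACCEPT|DROP)\s+SRC=(?P<src>\S+)\s+DST=(?P<dst>\S+)"
    r"\s+PROTO=(?P<proto>\S+)\s+SPT=(?P<spt>\d+)\s+DPT=(?P<dpt>\d+)\s*$")

def is_internal(addr):
    ip = ipaddress.ip_address(addr)  # raises ValueError on a malformed address
    return any(ip in net for net in INTERNAL_NETS)

def find_exposed_plc_traffic(lines):
    """Map (internal_dst, port) -> sorted external sources for ACCEPTed flows."""
    hits = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not in the expected format
        try:
            inbound = not is_internal(m["src"]) and is_internal(m["dst"])
        except ValueError:
            continue  # unparseable address field
        if m["action"] == "ACCEPT" and inbound and int(m["dpt"]) in WATCHED_PORTS:
            hits[(m["dst"], int(m["dpt"]))].add(m["src"])
    return {key: sorted(srcs) for key, srcs in hits.items()}

# Constructed sample log; the external addresses are documentation ranges.
SAMPLE_LOG = """\
2026-04-08T02:14:07Z ACCEPT SRC=203.0.113.45 DST=10.20.0.15 PROTO=TCP SPT=51522 DPT=44818
2026-04-08T02:14:09Z ACCEPT SRC=10.20.0.8 DST=10.20.0.15 PROTO=TCP SPT=40112 DPT=44818
2026-04-08T02:15:31Z DROP SRC=198.51.100.7 DST=10.20.0.15 PROTO=TCP SPT=33901 DPT=502
2026-04-08T02:16:02Z ACCEPT SRC=198.51.100.7 DST=10.20.0.22 PROTO=TCP SPT=33950 DPT=502
2026-04-08T02:17:45Z ACCEPT SRC=203.0.113.45 DST=10.20.0.15 PROTO=TCP SPT=51600 DPT=22
2026-04-08T02:18:10Z ACCEPT SRC=203.0.113.99 DST=10.20.0.30 PROTO=TCP SPT=52000 DPT=443
""".splitlines()

if __name__ == "__main__":
    for (dst, port), srcs in sorted(find_exposed_plc_traffic(SAMPLE_LOG).items()):
        print(f"{dst}:{port} reached from external {', '.join(srcs)}")
```

Any hit means a controller port is reachable from the internet through the firewall, which is the exposure the guidance says to remove; dropped attempts are excluded here but are still worth reviewing separately.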