{"id":232396,"date":"2026-04-08T00:23:00","date_gmt":"2026-04-08T04:23:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/04\/08\/iran-linked-hackers-disrupt-u-s-critical-infrastructure-by-targeting-internet-exposed-plcs\/"},"modified":"2026-04-08T00:23:00","modified_gmt":"2026-04-08T04:23:00","slug":"iran-linked-hackers-disrupt-u-s-critical-infrastructure-by-targeting-internet-exposed-plcs","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/04\/08\/iran-linked-hackers-disrupt-u-s-critical-infrastructure-by-targeting-internet-exposed-plcs\/","title":{"rendered":"Iran-Linked Hackers Disrupt U.S. Critical Infrastructure by Targeting Internet-Exposed PLCs"},"content":{"rendered":"<p><a href=\"https:\/\/thehackernews.com\/2026\/04\/iran-linked-hackers-disrupt-us-critical.html\">Iran-Linked Hackers Disrupt U.S. Critical Infrastructure by Targeting Internet-Exposed PLCs<\/a><\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/04\/iran-linked-hackers-disrupt-us-critical.html\">https:\/\/thehackernews.com\/2026\/04\/iran-linked-hackers-disrupt-us-critical.html<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-04-08 00:23:00<\/a><\/p>\n<p>Source Domain: <a href=\"thehackernews.com\">thehackernews.com<\/a><\/p>\n<p><img decoding=\"async\" alt=\"\" border=\"0\" data-original-height=\"470\" data-original-width=\"900\" src=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiBiMBUkucAS1NG7NHlk46hGqNyjv5iU5w1Z6HVNXgQywcDfTSOdtQWSqYA5ccSojgRB45ScYHFfyPWqe_9QbOZYo6u6V5qUAcRQIm4CfIDvkRqhs7rtPhmD7yNR4bn_StYbNZm2UWqXfeqXCUeDL1eneK7VyGnHfGbk3EatILzs_fKtRN6VxF8vnKDgQL_\/s1600\/plc.jpg\"\/><\/p>\n<p>Iran-affiliated cyber actors are targeting internet-facing operational technology (OT) devices across critical infrastructures in the U.S., including programmable logic controllers (PLCs), cybersecurity and intelligence\u00a0agencies warned\u00a0Tuesday.<\/p>\n<p>&#8220;These attacks have led to diminished PLC functionality, manipulation of display data and, in some cases, operational disruption and financial loss,&#8221; the U.S. Federal Bureau of Investigation\u00a0(FBI) said in a post on\u00a0X.<\/p>\n<p>The agencies said\u00a0the campaign is part of\u00a0a recent escalation in cyber attacks orchestrated by Iranian hacking groups against U.S. organizations in response to the ongoing conflict between Iran, and the U.S. and Israel.<\/p>\n<p>Specifically, the activity has led to PLC disruptions across several U.S. critical infrastructure sectors via what the authoring agencies described as malicious interactions with the project file and manipulation of data on human-machine interface (HMI) and supervisory control and data acquisition (SCADA)\u00a0displays.<\/p>\n<p>These attacks have singled out Rockwell Automation and Allen-Bradley PLCs deployed in government services and facilities, Water and Wastewater Systems (WWS), and energy\u00a0sectors.<\/p>\n<p>&#8220;The actors used leased, third-party hosted infrastructure with configuration software, such as Rockwell Automation&#8217;s Studio 5000 Logix Designer software, to create an accepted connection to the victim&#8217;s PLC,&#8221; the advisory said. &#8220;Targeted devices include CompactLogix and Micro850 PLC\u00a0devices.&#8221;<\/p>\n<p>Upon obtaining initial access, the threat actors established command-and-control by deploying Dropbear, a Secure Shell (SSH) software, on victim endpoints to enable remote access through port 22 and facilitate the extraction of the device&#8217;s project file and data manipulation on HMI and SCADA\u00a0displays.<\/p>\n<p>To combat the threat, organizations are advised to avoid exposing the PLC to the internet, take steps to prevent remote modification either via a physical or software switch, implement multi-factor&#8230;<\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/04\/iran-linked-hackers-disrupt-us-critical.html\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Iran-Linked Hackers Disrupt U.S. Critical Infrastructure by Targeting Internet-Exposed PLCs https:\/\/thehackernews.com\/2026\/04\/iran-linked-hackers-disrupt-us-critical.html Publish Date: 2026-04-08 00:23:00&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[],"class_list":["post-232396","post","type-post","status-publish","format-standard","hentry","category-cybersecurity"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/232396"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=232396"}],"version-history":[{"count":0,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/232396\/revisions"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=232396"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=232396"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=232396"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}