A multi-agency U.S. advisory warns Iranian-linked hackers are targeting Internet-exposed Rockwell/Allen-Bradley PLCs on critical infrastructure networks to disrupt operations and manipulate data.

The activity aligns with broader Iran-U.S.-Israel hostilities, with potential retaliatory implications if the U.S. acts against Iran’s infrastructure.

past Iran-aligned intrusions include a late-2023 Pennsylvania water system breach using Israel-made Unitronics equipment, illustrating a pattern of targeting critical infrastructure via ICS/SCADA components.

If available, enable protections such as run mode and key switching to prevent unauthorized changes.

The article references broader security testing methods and external materials on automated pentesting and validation surfaces.

The advisory focuses on hardware vulnerabilities rather than naming a specific hacking group or facility-level details.

Organizations should back up PLC logic and configurations regularly and test recovery procedures to support resilience.

Guidance recommends monitoring for unauthorized access, reviewing logs for suspicious activity, and validating IP addresses before blocking to avoid disrupting legitimate operations.

Some sites experienced shutdowns of industrial processes, forcing manual operation and causing financial losses.

Politico and the New York Times are cited for context on the advisory’s wording, scope, and potential implications.

Mitigations include removing PLCs from direct internet exposure via secure gateways, placing Rockwell devices in physical mode, patching, multifactor authentication, limiting internet exposure, and enhancing monitoring.

The advisory emphasizes protecting Rockwell PLCs and keeping them off the open internet to prevent unauthorized access.