Iran cyber actors disrupting US water, energy facilities, FBI warns

What happened?
The FBI and several US cyber-defense agencies have warned that Iranian‑affiliated actors have escalated intrusions against US water and energy facilities, and it has been reported that some attacks have disrupted operations. The joint alert names attacks targeting operational technology — think PLCs, HMIs and SCADA displays — and says the intrusions began in March. It has been reported that the warning arrives amid heightened regional conflict; some sources allege ties between the timing of the strikes and broader military moves.
Tactics and targets
The agencies say the adversaries are focusing on internet‑exposed programmable logic controllers (PLCs), including Rockwell Automation/Allen‑Bradley devices, with the intent to manipulate project files and the data shown on operator screens. History matters here: in 2023 and 2024, Iran‑linked crews allegedly exploited default passwords and later deployed bespoke malware against PLCs and HMIs to gain remote control of water and fuel systems. The FBI declined to provide granular details on the recent operational impacts, but the advisory notes that some victims experienced both disruption and financial loss.
Why it matters
Why worry? Because these are the systems that keep taps flowing and lights on. Threat analysts say Iranian actors are now moving faster and targeting both IT and OT stacks — not a new threat, the agencies say, but an accelerating one. Security firms such as Check Point have tracked increased hits on the energy and utilities sector, and the joint alert should be read as a wake‑up call: check your internet‑exposed PLCs, patch, and drop default credentials. No one wants a thriller‑style blackout, but complacency is how bad things start.
Sources: The Register