What's happened
Since March 2026, Iran-linked hackers have targeted US critical infrastructure by compromising internet-exposed programmable logic controllers (PLCs) in the water, energy, and government sectors. The FBI, CISA, NSA, and partner agencies have issued urgent warnings about operational disruptions and financial losses. Separately, Russia's APT28 has hijacked tens of thousands of routers worldwide to intercept credentials.
What's behind the headline?
Iranian Cyberattacks on US Infrastructure
Iranian-affiliated hackers have escalated their operations by directly accessing internet-exposed programmable logic controllers (PLCs) across multiple US critical infrastructure sectors. They manipulate the controllers with legitimate Rockwell Automation engineering software rather than zero-day exploits. That detail cuts both ways: it shows working knowledge of the vendor tooling, but it also means no vulnerability had to be found or exploited, so the enabling weakness is that the controllers could be reached from the internet at all.
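To make that exposure concrete, here is an added example (mine, not code from the article, the advisories, or Rockwell Automation) that performs the same first step the vendor tooling does: an EtherNet/IP ListIdentity request to port 44818. A controller that answers this unauthenticated discovery request from outside the plant network is reachable by exactly the kind of legitimate software the campaign uses. The port and message layout follow the published EtherNet/IP specification; the sample reply, product name, and serial number are constructed for offline testing, and the live probe should only be pointed at networks you are authorised to test.

```python
"""EtherNet/IP ListIdentity probe: an added exposure-audit example, not code
from the article, the advisories, or Rockwell Automation.

Rockwell/Allen-Bradley controllers and the vendor engineering tools speak
EtherNet/IP on TCP/UDP 44818.  ListIdentity is the unauthenticated discovery
command sent first; anything that answers it from an untrusted network is
"internet-exposed" in the advisory's sense.  Only probe networks you own.
"""
import socket
import struct
from typing import Optional

ENIP_PORT = 44818
CMD_LIST_IDENTITY = 0x0063
ITEM_LIST_IDENTITY_RESPONSE = 0x000C
CIP_DEVICE_TYPE_PLC = 0x0E                # CIP device profile "Programmable Logic Controller"
HEADER_FMT = "<HHIIQI"                    # command, length, session, status, sender ctx, options
HEADER_LEN = struct.calcsize(HEADER_FMT)  # 24 bytes


def build_list_identity_request(sender_context: int = 0) -> bytes:
    """ListIdentity is just the 24-byte encapsulation header with no payload."""
    return struct.pack(HEADER_FMT, CMD_LIST_IDENTITY, 0, 0, 0, sender_context, 0)


def parse_list_identity_response(data: bytes) -> dict:
    """Decode the identity item from a ListIdentity reply; ValueError on malformed input."""
    if len(data) < HEADER_LEN:
        raise ValueError("short encapsulation header")
    cmd, length, _sess, status, _ctx, _opts = struct.unpack_from(HEADER_FMT, data, 0)
    if cmd != CMD_LIST_IDENTITY:
        raise ValueError(f"unexpected command 0x{cmd:04x}")
    if status != 0:
        raise ValueError(f"encapsulation status 0x{status:08x}")
    body = data[HEADER_LEN:HEADER_LEN + length]
    if len(body) != length or length < 2:
        raise ValueError("truncated body")
    (item_count,) = struct.unpack_from("<H", body, 0)
    off = 2
    for _ in range(item_count):           # Common Packet Format: type id, length, payload
        item_type, item_len = struct.unpack_from("<HH", body, off)
        off += 4
        item = body[off:off + item_len]
        if len(item) != item_len:
            raise ValueError("truncated item")
        off += item_len
        if item_type == ITEM_LIST_IDENTITY_RESPONSE:
            return _parse_identity_item(item)
    raise ValueError("no identity item in reply")


def _parse_identity_item(item: bytes) -> dict:
    # encap version(2) | sockaddr_in, big-endian (16) | vendor(2) | device type(2) |
    # product code(2) | rev major(1) minor(1) | status(2) | serial(4) | name len(1) |
    # name | state(1).  Everything except the sockaddr is little-endian.
    (version,) = struct.unpack_from("<H", item, 0)
    _family, port = struct.unpack_from(">HH", item, 2)
    ip = socket.inet_ntoa(item[6:10])
    vendor, dev_type, product, rev_major, rev_minor, dev_status, serial, name_len = \
        struct.unpack_from("<HHHBBHIB", item, 18)
    if len(item) < 34 + name_len:
        raise ValueError("truncated identity item")
    name = item[33:33 + name_len].decode("ascii", "replace")
    return {"encap_version": version, "ip": ip, "port": port, "vendor_id": vendor,
            "device_type": dev_type, "is_plc": dev_type == CIP_DEVICE_TYPE_PLC,
            "product_code": product, "revision": f"{rev_major}.{rev_minor}",
            "status": dev_status, "serial": serial, "product_name": name,
            "state": item[33 + name_len]}


def query_list_identity(host: str, timeout: float = 2.0) -> Optional[dict]:
    """Unicast the probe over UDP; None means nothing answered (or a firewall dropped it)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_list_identity_request(), (host, ENIP_PORT))
        try:
            data, _ = s.recvfrom(4096)
        except socket.timeout:
            return None
    return parse_list_identity_response(data)


def constructed_sample_response() -> bytes:
    """Hand-built reply for offline testing: constructed data, not a capture.
    Vendor id 1 is Rockwell Automation/Allen-Bradley in the ODVA registry."""
    name = b"Example Logix controller"
    item = struct.pack("<H", 1)                                  # encap protocol version
    item += struct.pack(">HH", 2, ENIP_PORT) + socket.inet_aton("192.0.2.10") + b"\x00" * 8
    item += struct.pack("<HHHBBHIB", 1, CIP_DEVICE_TYPE_PLC, 90, 20, 11, 0x0060,
                        0x00C0FFEE, len(name))
    item += name + b"\x03"                                       # state 3 = operational
    body = struct.pack("<H", 1) + struct.pack("<HH", ITEM_LIST_IDENTITY_RESPONSE, len(item)) + item
    return struct.pack(HEADER_FMT, CMD_LIST_IDENTITY, len(body), 0, 0, 0, 0) + body


if __name__ == "__main__":
    import sys
    if len(sys.argv) == 1:                # no hosts given: decode the constructed sample
        print(parse_list_identity_response(constructed_sample_response()))
    for host in sys.argv[1:]:
        info = query_list_identity(host)
        print(host, "silent" if info is None else info)
```

Run it with no arguments to see the decoded constructed sample, or with one or more hosts to probe them. From a machine outside the plant network, a non-`silent` result for any address is the finding; `is_plc` tells you whether the responder advertises the controller profile rather than, say, a drive or an I/O adapter.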
Broader Implications
- The targeting of PLCs in water, energy, and government services signals a strategic intent to disrupt essential services and cause operational and financial damage.
- The abuse of exposed devices at remote sites shows how persistent the problem of internet-reachable industrial equipment remains.
- The campaign’s timing, following US and Israeli air strikes on Iran, suggests retaliation and ongoing cyber conflict escalation.
Russian APT28 Router Hijacking
Simultaneously, APT28, linked to Russia's GRU, has commandeered tens of thousands of routers worldwide, reported as unpatched MikroTik and TP-Link devices, to intercept Microsoft 365 credentials and spy on government entities. Researchers describe a blend of advanced AI tools and classic hacking techniques, a sign of evolving espionage tradecraft.
Forecast and Consequences
- US critical infrastructure will face increasing cyber threats exploiting legacy vulnerabilities and exposed devices.
- Organizations must urgently secure PLCs and consumer network devices to prevent further breaches.
- The geopolitical cyber conflict between the US, Iran, and Russia will intensify, with civilian infrastructure increasingly at risk.
Impact on Readers
Individuals should check their home routers for unauthorized DNS changes, install firmware updates, and replace devices that no longer receive them; the hijacked MikroTik and TP-Link units were unpatched. Utilities and government agencies must make sure PLCs are not reachable from the public internet, which in practice means confirming from outside that nothing answers on the EtherNet/IP port (TCP/UDP 44818) that the Rockwell tooling uses.
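For the home-router check, the following added script (mine, not from the article or any router vendor) does the two comparisons that catch a tampered router: it lists the resolvers the router handed out over DHCP and flags any you did not configure, and it resolves a high-value name through the router's resolver and through an independent one to see whether the answers share any address. `EXPECTED_RESOLVERS`, `TRUSTED_RESOLVER`, and the choice of `login.microsoftonline.com` (the Microsoft 365 sign-in host, chosen because the report says Microsoft 365 credentials were the target) are my assumptions; the DNS response used for testing is constructed, not captured.

```python
"""Home-router DNS check: an added example, not code from the article or any
router vendor.  Assumptions (mine): EXPECTED_RESOLVERS is what you configured
on the router (usually its own LAN address); TRUSTED_RESOLVER is an independent
public resolver used as a second opinion.  Warning signs: a resolver you did
not configure, or an answer that shares no address with the trusted answer.
"""
import random
import socket
import struct
from typing import Iterable, List

EXPECTED_RESOLVERS = {"192.168.1.1"}        # assumption: your router's LAN address
TRUSTED_RESOLVER = "9.9.9.9"                # assumption: any public resolver you trust
TEST_NAME = "login.microsoftonline.com"     # Microsoft 365 sign-in host (my choice)


def build_a_query(name: str, txid: int) -> bytes:
    """Minimal RFC 1035 query: RD=1, one question, QTYPE=A, QCLASS=IN."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii") for label in name.split("."))
    return header + qname + b"\x00" + struct.pack(">HH", 1, 1)


def _skip_name(data: bytes, off: int) -> int:
    """Offset just past a domain name, handling a compression pointer (0xC0xx)."""
    while True:
        length = data[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:
            return off + 2
        off += 1 + length


def parse_a_answers(data: bytes, txid: int) -> List[str]:
    """All A-record addresses in a response; rejects an ID mismatch or non-zero RCODE."""
    rid, flags, qd, an, _ns, _ar = struct.unpack_from(">HHHHHH", data, 0)
    if rid != txid:
        raise ValueError("transaction ID mismatch (possible spoofed reply)")
    if flags & 0x000F:
        raise ValueError(f"DNS error, rcode={flags & 0xF}")
    off = 12
    for _ in range(qd):                     # question: name + QTYPE + QCLASS
        off = _skip_name(data, off) + 4
    addrs = []
    for _ in range(an):                     # answer RR: name, type, class, ttl, rdlength, rdata
        off = _skip_name(data, off)
        rtype, rclass, _ttl, rdlen = struct.unpack_from(">HHIH", data, off)
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(data[off:off + 4]))
        off += rdlen
    return addrs


def resolve_via(resolver: str, name: str, timeout: float = 3.0) -> List[str]:
    """Ask one specific resolver over UDP/53 so the two can be compared independently."""
    txid = random.randrange(0x10000)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_a_query(name, txid), (resolver, 53))
        data, _ = s.recvfrom(512)
    return parse_a_answers(data, txid)


def parse_resolv_conf(text: str) -> List[str]:
    """Nameserver lines from resolv.conf-style text, i.e. what DHCP (the router) handed out."""
    return [p[1] for p in (ln.split() for ln in text.splitlines())
            if len(p) >= 2 and p[0] == "nameserver"]


def unexpected_resolvers(configured: Iterable[str], expected: Iterable[str]) -> List[str]:
    return sorted(set(configured) - set(expected))


def answers_diverge(local: Iterable[str], trusted: Iterable[str]) -> bool:
    """Alarm only on zero overlap: CDNs rotate addresses, so partial overlap is normal."""
    return not (set(local) & set(trusted))


def constructed_response(txid: int, name: str, addrs: List[str]) -> bytes:
    """Hand-built reply for offline testing (constructed data, not a capture)."""
    header = struct.pack(">HHHHHH", txid, 0x8180, 1, len(addrs), 0, 0)
    rrs = b"".join(b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, 300, 4) + socket.inet_aton(a)
                   for a in addrs)           # 0xC00C points back at the question name
    return header + build_a_query(name, txid)[12:] + rrs


if __name__ == "__main__":
    try:
        with open("/etc/resolv.conf") as fh:   # Linux; on macOS/Windows read resolvers from the OS
            configured = parse_resolv_conf(fh.read())
    except OSError:
        configured = []
    print("resolvers not in allowlist:", unexpected_resolvers(configured, EXPECTED_RESOLVERS))
    if configured:
        local = resolve_via(configured[0], TEST_NAME)
        trusted = resolve_via(TRUSTED_RESOLVER, TEST_NAME)
        print("local:", local, "trusted:", trusted, "diverge:", answers_diverge(local, trusted))
```

A resolver outside the allowlist is the clearest sign of a changed router setting; divergent answers are weaker evidence on their own, since large sites serve different addresses per region, which is why the check only alarms when the two answer sets have nothing in common.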
How we got here
Iranian cyber groups have targeted US industrial control systems before, including PLCs and human-machine interfaces. The current campaign uses legitimate vendor software to access exposed devices. Meanwhile, Russian military intelligence-linked APT28 has exploited consumer routers worldwide to spy on government agencies. These attacks occur amid heightened US-Iran tensions and ongoing cyber warfare.
Our analysis
Dan Goodin at Ars Technica reports that since March 2026, an Iranian-affiliated advanced persistent threat group has "disrupted the function of PLCs" across US critical infrastructure sectors, using legitimate Rockwell Automation software to manipulate devices without zero-day exploits. The FBI, CISA, NSA, and others have issued urgent advisories with technical details and mitigation guidance. The New York Post highlights that these attacks target "the programmable logic controllers, or PLCs, that essentially act as the brain of the systems used in power and water plants," emphasizing the operational disruption and financial losses experienced. Politico notes that CISA had previously stated it had "not seen a rise in threat actor activity" linked to Iran but is now actively tracking these threats.

Separately, Ars Technica reveals that Russian military intelligence-linked APT28 has hijacked between 18,000 and 40,000 consumer routers worldwide, exploiting unpatched MikroTik and TP-Link devices to intercept Microsoft 365 credentials and spy on government agencies. Black Lotus Labs researchers describe APT28's use of both cutting-edge AI tools and classic hacking methods, underscoring their evolving tactics.

Reuters and the New York Times provide context on the broader geopolitical tensions, including President Trump's warnings to Iran and Iran's retaliatory threats. The Independent adds a wider regional perspective, reporting Iranian attacks on commercial data centers in the Gulf, disrupting banking systems and highlighting the growing importance of data centers as wartime targets due to their role in AI and cloud computing infrastructure. This underscores the expanding scope of cyber warfare beyond traditional military targets.
Go deeper
- How are Iranian hackers accessing US industrial control systems?
- What steps can utilities take to protect their programmable logic controllers?
- How does the Russian APT28 router hijacking affect government cybersecurity?
More on these topics
- Iran - Country in the Middle East
  Iran, also called Persia, and officially the Islamic Republic of Iran, is a country in Western Asia. It is bordered to the northwest by Armenia and Azerbaijan, to the north by the Caspian Sea, to the northeast by Turkmenistan, to the east by Afghanistan a
- Cybersecurity and Infrastructure Security Agency - Agency
  The Cybersecurity and Infrastructure Security Agency was established on 16 November 2018 when President Donald Trump signed into law the Cybersecurity and Infrastructure Security Agency Act of 2018.
- National Security Agency - Intelligence agency
  The National Security Agency is a national-level intelligence agency of the United States Department of Defense, under the authority of the Director of National Intelligence.
- Federal Bureau of Investigation - Law enforcement agency
  The Federal Bureau of Investigation is the domestic intelligence and security service of the United States and its principal federal law enforcement agency.
- Donald Trump - 45th and 47th U.S. President
  Donald John Trump is an American politician, media personality, and businessman who served as the 45th president of the United States from 2017 to 2021 and returned to office as the 47th president in January 2025.
- Rockwell Automation - Company
  Rockwell Automation, Inc. is an American provider of industrial automation and information technology. Brands include Allen-Bradley hardware and FactoryTalk software.
- United States - Country in North America
  The United States of America, commonly known as the United States or America, is a country mostly located in central North America, between Canada and Mexico.