CISA Flags Surge in Iranian Cyber Attacks on U.S. Critical Infrastructure
CISA issued an April 7 advisory warning U.S. sectors of increased Iranian-affiliated cyber attacks.
Why it matters: Legal, compliance, and cybersecurity teams at corporations and law firms must assess and strengthen their defenses, as attackers are exploiting widely used industrial control equipment and causing operational disruptions across critical sectors.
- CISA, with the FBI, NSA, DOE, EPA, and U.S. Cyber Command, issued the security advisory on April 7, 2026.
- Iranian-linked group CyberAv3ngers has targeted government, water systems, and energy infrastructure.
- Threat actors exploited Rockwell Automation/Allen-Bradley programmable logic controllers (PLCs), causing disruptions and financial losses.
- CISA recommends removing PLCs from internet access, enforcing run mode, and setting strong, unique passwords.
The Cybersecurity and Infrastructure Security Agency (CISA), joined by the FBI, NSA, DOE, EPA, and U.S. Cyber Command, warned on April 7 of a surge in Iranian-affiliated cyber attacks targeting U.S. critical infrastructure sectors. The CISA advisory specifically highlights heightened threats to government facilities, water and wastewater systems, and energy providers.
- The attacks, attributed to the CyberAv3ngers group linked to Iran's Islamic Revolutionary Guard Corps Cyber Electronic Command (IRGC-CEC), focus on exploiting internet-facing Rockwell Automation/Allen-Bradley programmable logic controllers (PLCs).
- Actors manipulated data presented on human-machine interface (HMI) and supervisory control and data acquisition (SCADA) systems, generating false readings while executing changes to control logic out of operators’ view. This led to operational disruptions and financial losses for affected entities.
- "The actors are exploiting widely used industrial control equipment—most notably Rockwell Automation/Allen‑Bradley controllers—when those systems are directly accessible from the internet," notes Ericka Johnson in her analysis.
CISA urges immediate action:
- Remove PLCs from direct internet exposure where possible
- Ensure PLCs are set in run mode to stop unauthorized logic modification
- Replace default passwords with strong, unique credentials
Legal and corporate sectors—especially those advising or operating in impacted industries—should treat the advisory as a call to harden operational technology defenses and review incident response plans in light of these advanced threats. Find further details in government and industry analyses.
By the numbers:
- April 7, 2026 — Date of CISA advisory
- 3 — Number of primary sectors targeted: government, water/wastewater, energy
- 1 — Specific device group exposed: Rockwell Automation/Allen-Bradley PLCs
Yes, but: The advisory does not specify how many organizations were affected or whether software patches are available for the exploited vulnerabilities.