On the same day in April that the US and Iran announced a two-week ceasefire in their month-long conflict, a group of US government organisations issued an urgent warning that Iran-affiliated cyber-attackers have been targeting Internet-connected OT (operational technology) devices in the US, including Rockwell Automation PLCs and possibly others, including Siemens S7 PLCs. The organisations added that this activity has disrupted critical infrastructure installations through malicious interactions with project files and manipulation of the data on HMI and Scada displays, resulting in disruption and financial losses.

The US government agencies that issued the statement included the FBI (Federal Bureau of Investigation), Cisa (Cybersecurity and Infrastructure Security Agency), NSA (National Security Agency), EPA (Environmental Protection Agency), DOE (Department of Energy), and CNMF (Cyber National Mission Force). They believe that a group of Iranian-affiliated APT (advanced persistent threat) actors has been targeting devices in critical sectors including Government services and facilities, water and wastewater systems, and the energy sector.

In a warning posted on Cisa’s Web site, the agencies say that due to the widespread use of the PLCs and the potential targeting of other OT devices, US automation users should look urgently for signs of current or historical activity on their networks, and apply mitigations to reduce the risk of compromise.

The agencies report that in a similar campaign that started in November 2023, cyberthreat actors affiliated with Iran’s Islamic Revolutionary Guard Corps Cyber Electronic Command targeted US-based PLCs and HMIs. These attacks, which targeted Unitronics PLCs with HMIs, compromised at least 75 devices.
Since March 2026, an Iranian-affiliated APT group has been using overseas-based IP addresses to access Internet-facing Rockwell PLCs. The group has used leased, third-party-hosted infrastructure with configuration software such as Rockwell’s Studio 5000 Logix Designer to create connections to targeted PLCs, including Allen-Bradley CompactLogix and Micro850 PLC devices. Cisa has published a list of IP addresses used recently by the Iranian-affiliated cyber-attackers.

The US agencies say that if owners and operators discover affected Internet-accessible devices, additional measures may be needed to evaluate the risk of compromise. They add that organisations with Rockwell PLCs should review the guidance that the manufacturer issued in 2021 and 2026 to strengthen the security of its OT systems.

Iran-affiliated cyber-attackers have targeted US-based PLCs

Iran-affiliated cyber-attackers are said to have been targeting Rockwell PLCs
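As an added illustration of the agencies' advice to look for current or historical activity (this example is not part of the original article or of any agency guidance), the Python sketch below scans perimeter flow records for sessions that reach PLC protocol ports from outside the internal address space and marks sources that appear on an indicator list. The log layout, the sample records, the function name and the indicator address are constructed placeholders; the port numbers are the standard ones for EtherNet/IP and Siemens S7 and do not come from the article.

```python
import ipaddress
from collections import defaultdict

# Protocol facts, not taken from the article: 44818/tcp is EtherNet/IP explicit
# messaging (used by Logix engineering software), 102/tcp is ISO-TSAP (Siemens S7).
OT_PORTS = {44818: "EtherNet/IP", 102: "S7comm"}
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Placeholder indicator (RFC 5737 documentation range); load the published list here.
INDICATORS = {ipaddress.ip_address("203.0.113.45")}

# Constructed sample records: timestamp, source, destination, dest port, action.
SAMPLE_LOG = """\
2026-03-14T02:11:09Z 203.0.113.45 198.51.100.20 44818 ALLOW
2026-03-14T02:15:40Z 203.0.113.45 198.51.100.20 44818 ALLOW
2026-03-15T08:00:01Z 10.20.1.15 10.20.5.7 44818 ALLOW
2026-03-16T11:32:50Z 192.0.2.77 198.51.100.21 102 ALLOW
2026-03-16T11:40:00Z 192.0.2.77 198.51.100.21 443 ALLOW
2026-03-17T09:00:00Z 203.0.113.45 198.51.100.20 44818 DENY
garbage line
"""

def find_external_ot_sessions(log_text, indicators=INDICATORS):
    """Group sessions to OT ports from non-internal sources by (src, dst, protocol)."""
    hits = defaultdict(lambda: {"allowed": 0, "denied": 0, "first": None,
                                "last": None, "listed": False})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed records
        ts, src, dst, dport, action = parts
        try:
            src_ip, port = ipaddress.ip_address(src), int(dport)
        except ValueError:
            continue  # unparseable address or port
        if port not in OT_PORTS or any(src_ip in n for n in INTERNAL_NETS):
            continue  # not an OT protocol, or an internal engineering station
        rec = hits[(src, dst, OT_PORTS[port])]
        rec["allowed" if action == "ALLOW" else "denied"] += 1
        rec["first"] = min(rec["first"] or ts, ts)  # ISO 8601 UTC sorts as text
        rec["last"] = max(rec["last"] or ts, ts)
        rec["listed"] = src_ip in indicators
    return dict(hits)

if __name__ == "__main__":
    for key, rec in sorted(find_external_ot_sessions(SAMPLE_LOG).items()):
        print(key, rec)
```

Any allowed session in the output means a controller port was reachable from outside the internal ranges, whether or not the source is on the indicator list.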