This alert may not be shared outside your organization, Do Not Repost or send, place on other websites, List servers, or send to others via email, including other associations or parties. Members and Law enforcement use only. Contact us for any permissions. To do otherwise will result in the loss of membership.
Complete Story
04/08/2026
Iranian-Affiliated Cyber Actors Exploit Programmable Logic Controllers Across US Critical Infrastructure
IC3.gov
Iran-affiliated advanced persistent threat (APT) actors are conducting exploitation
activity targeting internet-facing operational technology (OT) devices, including
programmable logic controllers (PLCs) manufactured by Rockwell
Automation/Allen-Bradley. This activity has led to PLC disruptions across several
U.S. critical infrastructure sectors through malicious interactions with the project
file and manipulation of data on human machine interface (HMI) and supervisory
control and data acquisition (SCADA) displays, resulting in operational disruption
and financial loss.
U.S. organizations should urgently review the tactics, techniques, and procedures
(TTPs) and indicators of compromise (IOCs) in this advisory for indications of
current or historical activity on their networks, and apply the recommendations
listed in the Mitigations section of this advisory to reduce the risk of compromise.
Alerts
The FRPA alert system distinguishes us from other groups by gathering and providing information to law enforcement, retailers AND financial institutions.
more information
Resources
Your electronic library to help in fighting financial fraud for all of our partners.
more information