Feds issue urgent warning about potential Iran-linked cyber attacks

Several federal agencies issued a high-urgency joint advisory warning of an urgent and ongoing Iranian-affiliated cybersecurity threat.

The agencies “urgently” warned of ongoing cyber exploitation of internet-connected operational technology across multiple U.S. critical infrastructure sectors, including state, county and municipal government services and facilities, such as water and wastewater systems and energy sectors.

“As a result of this activity, organizations from multiple U.S. critical infrastructure sectors experienced disruptions through malicious interactions with the project files and the manipulation of data,” the joint statement reads, adding that such activity has resulted in operational disruption and financial loss in some cases.

The joint statement came from the Federal Bureau of Investigation, Cybersecurity and Infrastructure Security Agency, National Security Agency, Environmental Protection Agency, Department of Energy and United States Cyber Command — Cyber National Mission Force.

A group of Iranian-affiliated actors — allegedly linked to Iran’s Islamic Revolutionary Guard Corps Cyber Electronic Command, previously known as CyberAv3ngers — has targeted devices spanning multiple U.S. critical infrastructure sectors, the statement said.

Exploitation activity targeting internet-facing operational technology devices includes programmable logic controllers manufactured by Rockwell Automation/Allen-Bradley.

Rockwell Automation, which manufactures control systems, software and services, issued a customer notice on March 10 after it became “aware of potential threat actor activity” targeting its controllers.

In some cases, organizations’ operational technology in drinking water and wastewater systems is disrupted.

At-risk facilities should immediately disconnect PLCs from public-facing internet through a secure gateway, place physical mode switches into run position to prevent remote modification and create strong offline backups of PLC logic and configurations.

“The FBI and its partners are issuing this advisory to ensure organizations are best positioned to defend themselves against exploitation by Iran-affiliated cyber actors,” said Assistant Director Brett Leatherman of the FBI’s Cyber Division in a statement. “Our goal is to prevent further operational disruption and financial loss for targets of this threat activity while we work to impose costs on malicious actors—all of which builds upon the new Cyber Strategy for America.”

The warning came as President Trump delivered ultimatums for Iran to bow to U.S. demands or else face destruction.