Iranian Hackers Target US Critical Infrastructure: Energy, Water Utilities Hit
A hacking campaign, allegedly linked to the Iranian government, has targeted critical infrastructure in the United States, including energy and water utilities. US agencies warn of disruptive and costly effects resulting from compromised industrial control systems.
As tensions escalate, a joint advisory from US agencies including the **FBI**, the **National Security Agency**, the **Department of Energy**, and the **Cybersecurity and Infrastructure Security Agency** (**CISA**) warns of Iranian-backed hackers targeting industrial control devices within critical infrastructure. The affected sectors include energy, water/wastewater utilities, and unspecified "government facilities."
### PLC Compromise
The attackers are focusing on programmable logic controllers (PLCs), particularly those from **Rockwell Automation**, aiming to manipulate data displays and potentially cause system downtime, damage, or dangerous conditions. The advisory notes that some incidents have already resulted in operational disruption and financial losses.
### Dragos' Perspective
**Rob Lee**, the co-founder and CEO of **Dragos**, a cybersecurity firm specializing in industrial control systems, confirms an increase in incidents targeting industrial systems since the recent escalation of conflict. He emphasizes the willingness of Iranian actors, both state and non-state, to inflict harm through compromising these systems.
### Rockwell Automation Responds
**Rockwell Automation** has acknowledged the advisory and states it is coordinating with government agencies. They have also published guidance for customers on securing their PLCs.
### CyberAv3ngers' Involvement
The advisory suggests a link to the Iran-linked group **CyberAv3ngers**, also known as the Shahid Kaveh Group, which has previously targeted Israeli and US entities. This group, believed to be associated with the Iranian Revolutionary Guard Corps, has a history of attacks against industrial control systems, including those from **Unitronics** used in water and wastewater utilities.
### Asymmetric Warfare
**Grant Geyer**, Claroty's chief strategy officer, highlights the asymmetric warfare tactics employed by the IRGC in the cyber domain, aiming to cause disruption given their limitations in traditional military engagement.
### Escalating Threat
Despite sanctions and a bounty placed on the group, **CyberAv3ngers** continue to evolve, breaching a US oil and gas company in 2024 and deploying the IOControl malware. The shift from opportunistic attacks to persistent threats raises concerns about future disruptive capabilities.
### Iran's Cyber Response
In response to US and Israeli actions, Iran-linked groups like **Handala** have launched cyberattacks, including breaches of medical technology firm **Stryker** and a personal email account of former FBI director **Kash Patel**.