Iranian Hackers Target U.S. Critical Infrastructure PLCs
U.S. federal agencies are warning of Iranian-linked hackers actively targeting Internet-exposed **Rockwell/Allen-Bradley** programmable logic controllers (PLCs) within U.S. critical infrastructure. These attacks, ongoing since March 2026, have led to financial losses and operational disruptions across multiple sectors.

**Iranian APTs Target U.S. Infrastructure**
A joint advisory issued by the **FBI**, **CISA**, **NSA**, the **Environmental Protection Agency (EPA)**, **Department of Energy (DOE)**, and the **United States Cyber Command - Cyber National Mission Force (CNMF)** highlights the escalating threat posed by Iranian-affiliated advanced persistent threat (APT) actors. These actors are specifically targeting Internet-exposed PLCs used in critical infrastructure organizations, including Government Services and Facilities, Water and Wastewater Systems, and Energy.
The advisory states that the **FBI** assesses these groups intend to cause disruptions by maliciously interacting with project files and manipulating data displayed on Human Machine Interface (HMI) and Supervisory Control and Data Acquisition (SCADA) systems.
"Iranian-affiliated APT targeting campaigns against U.S. organizations have recently escalated, likely in response to hostilities between Iran, and the United States and Israel," the advisory warns.
**Past Incidents and Threat Actor Affiliations**
A similar advisory in November 2023 warned of the **CyberAv3ngers** threat group, linked to the Iranian Government Islamic Revolutionary Guard Corps (IRGC), exploiting vulnerabilities in U.S.-based **Unitronics** operational technology (OT) systems. Between November 2023 and January 2024, **CyberAv3ngers** compromised at least 75 **Unitronics** PLC devices, with half impacting Water and Wastewater Systems (WWS) critical infrastructure networks.
**Mitigation Strategies**
To defend against these attacks, the advisory recommends the following:
* Disconnect PLCs from the Internet or secure them with a firewall.
* Scan logs for indicators of compromise.
* Check for suspicious traffic on OT ports, especially from overseas hosting providers.
* Implement multi-factor authentication (MFA) for OT network access.
* Keep PLCs updated with the latest firmware.
* Disable unused services and default authentication keys.
* Monitor network traffic for suspicious activity.
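The second, third and last recommendations above (scan logs, check for traffic on OT ports from outside the plant, monitor network traffic) can be turned into a small, repeatable check. The following is an added example, not code from the advisory or from any of the agencies named: it parses a constructed flow-log sample and flags sessions in which an address outside the plant's own ranges reached a PLC service port. The log line format, the internal address ranges and the sample lines are assumptions; the port-to-protocol mapping (EtherNet/IP 44818 and 2222 used by Rockwell/Allen-Bradley Logix controllers, Modbus/TCP 502, Unitronics PCOM 20256) is standard. Attributing a source to an overseas hosting provider needs an ASN or geolocation lookup the script does not do offline, so it treats every non-internal source as worth reviewing.

```python
"""Flag inbound sessions to OT/PLC service ports from addresses outside the
plant's own address space, over a constructed flow-log sample.

Added illustration only: the log format, INTERNAL_NETS and SAMPLE_LOG are
assumptions, not data from the advisory.
"""
import ipaddress
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Well-known OT service ports (real values; the list is not exhaustive).
OT_PORTS = {
    44818: "EtherNet/IP explicit messaging (CIP) - Rockwell/Allen-Bradley",
    2222: "EtherNet/IP implicit I/O - Rockwell/Allen-Bradley",
    502: "Modbus/TCP",
    20256: "Unitronics PCOM",
}

# Assumed internal address space of the plant; anything else is "external".
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]


@dataclass
class Flow:
    ts: str
    src: str
    sport: int
    dst: str
    dport: int
    proto: str


def parse_flow(line: str) -> Optional[Flow]:
    """Parse one assumed 'ts src:sport -> dst:dport proto' line; None for junk."""
    parts = line.split()
    if len(parts) != 5 or parts[2] != "->":
        return None
    try:
        src, sport = parts[1].rsplit(":", 1)
        dst, dport = parts[3].rsplit(":", 1)
        ipaddress.ip_address(src)  # raises ValueError on a malformed address
        ipaddress.ip_address(dst)
        return Flow(parts[0], src, int(sport), dst, int(dport), parts[4])
    except ValueError:
        return None


def is_internal(ip: str) -> bool:
    """True when the address falls inside one of the plant's own ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def find_exposed_ot_sessions(lines: List[str]) -> List[Tuple[Flow, str]]:
    """Return (flow, service) pairs where an external host reached an OT port
    on an internal device. Unparseable lines are skipped, not fatal."""
    hits = []
    for line in lines:
        f = parse_flow(line)
        if f is None or f.dport not in OT_PORTS:
            continue
        if not is_internal(f.src) and is_internal(f.dst):
            hits.append((f, OT_PORTS[f.dport]))
    return hits


def summarize_sources(lines: List[str]) -> Dict[str, int]:
    """Count flagged sessions per external source, the list an analyst would
    then enrich with an ASN/geolocation lookup (not done here)."""
    return dict(Counter(f.src for f, _ in find_exposed_ot_sessions(lines)))


# Constructed sample; 203.0.113.0/24 and 198.51.100.0/24 are documentation
# ranges standing in for external addresses.
SAMPLE_LOG = """\
2026-03-02T01:12:03Z 10.0.5.20:50123 -> 10.0.7.10:44818 tcp
2026-03-02T01:13:44Z 203.0.113.45:41022 -> 10.0.7.10:44818 tcp
2026-03-02T01:14:01Z 203.0.113.45:41023 -> 10.0.7.10:2222 udp
2026-03-02T01:15:22Z 198.51.100.9:55555 -> 10.0.7.11:502 tcp
2026-03-02T01:16:00Z 10.0.5.21:40000 -> 10.0.7.12:20256 tcp
2026-03-02T01:16:30Z 198.51.100.9:55556 -> 10.0.7.10:443 tcp
garbage line here
""".splitlines()


if __name__ == "__main__":
    for flow, service in find_exposed_ot_sessions(SAMPLE_LOG):
        print(f"{flow.ts} {flow.src} -> {flow.dst}:{flow.dport} ({service})")
    print("per-source counts:", summarize_sources(SAMPLE_LOG))
```

On the sample, the three sessions from the two external addresses to ports 44818, 2222 and 502 are flagged; the internal-to-internal EtherNet/IP and PCOM sessions and the external session to port 443 are not. Run against real firewall or NetFlow exports, the same check is a quick way to verify the first recommendation (no PLC reachable from the Internet) actually holds.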
**Recent Activity from Iranian-Linked Groups**
Last month, the Iranian-linked **Handala** hacktivist group wiped approximately 80,000 devices on the network of U.S. medical device company **Stryker**. The **FBI** has also warned that Iranian hackers linked to the country's Ministry of Intelligence and Security (MOIS) are using **Telegram** in malware attacks.