Iran-affiliated cyber actors are targeting operational technology devices across US critical infrastructure, including programmable logic controllers (PLCs).
These attacks have led to diminished PLC functionality, manipulation of display data and, in some cases, operational disruption and financial loss.
The FBI, CISA, NSA, EPA, US Dept of ENERGY, and US CYBERCOM are urging US organizations — especially municipalities and those in the water and energy sectors — to review the tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) detailed in this advisory.
Applying the recommended mitigations will reduce the risk of compromise: http://ic3.gov/CSA/2026/260407.pdf
