Iranian hackers are escalating attacks on critical sectors of the US infrastructure as tensions increase over hostilities in the Middle East, according to an advisory issued Tuesday by a group of intelligence and law enforcement agencies.
The hacking campaign is targeting internet-exposed operational technology devices, including programmable logic controllers used to control critical sectors such as water, energy and local municipalities, the advisory said. The campaign appears to have already affected some critical sectors, according to a statement issued by the FBI.
“These attacks have led to diminished PLC functionality, manipulation of display data and, in some cases, operational disruption and financial loss,” the FBI said in a post on X (formerly called Twitter).
The advisory on escalating hacking campaigns comes as President Donald Trump has threatened that a “whole civilization will die tonight” if Iran fails to meet his latest deadline to strike a deal that includes reopening the Strait of Hormuz.
The advisory didn’t identify the companies targeted or describe the severity of the attacks, but it did say hackers were discovered interacting with project files and altering display data. The advisory recommends disconnecting vulnerable controllers from the internet.
In March, Iran-linked hackers claimed to have accessed FBI Director Kash Patel’s personal Gmail account and posted photos and his resume online. A group called Handala Hack Team, which federal investigators say is associated with Iran’s Ministry of Intelligence and Security, posted pictures of Patel smoking a cigar while posing next to a vintage convertible and holding a large bottle of Havana Club rum.
Last week, Iran threatened to strike facilities in the Middle East owned by US technology companies as part of the escalating war that began with US and Israeli strikes at the end of February. The US government said it would defend the companies that have been threatened.
The advisory was jointly authored by the FBI, National Security Agency, the federal Cybersecurity and Infrastructure Security Agency, the Energy Department, the Environmental Protection Agency and US Cyber Command.
Read the full article here