U.S. Government agencies have issued an urgent warning regarding Iranian-linked hackers disrupting operations at US critical infrastructure sites. The threat involves a sophisticated campaign targeting the hardware that controls essential industrial processes, leading to operational disruptions and financial losses across multiple sectors.
A joint advisory released by the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), the Environmental Protection Agency (EPA), the Department of Energy, and US Cyber Command highlights that an Iranian-affiliated advanced persistent threat (APT) group has been targeting programmable logic controllers (PLCs). These devices serve as the critical interface between computer automation systems and physical machinery in industrial environments.
The attacks have specifically impacted sectors including energy, government services and facilities, and wastewater systems. According to the advisory, these disruptions have been identified through engagements with victim organizations since at least March 2026 CISA Advisory AA26-097a.
Targeting the ‘Brain’ of Industrial Machinery
To understand the severity of these attacks, it is necessary to glance at the role of programmable logic controllers. PLCs are ruggedized computers, often no larger than a toaster, that reside in factories, oil refineries, and water treatment centers. They are designed to handle the “physical” side of automation—opening a valve, starting a pump, or regulating temperature based on digital commands.

Because PLCs are often located in remote areas of a facility and provide direct control over physical machinery, their exploitation can have immediate real-world consequences. The joint advisory warns that the Iranian-affiliated APT group has successfully disrupted the function of these controllers, which can lead to equipment damage and operational downtime.
Threats to Water and Public Health
The impact on water infrastructure is a primary concern for federal authorities. On April 7, 2026, the EPA, FBI, CISA, and NSA issued a specific joint cybersecurity advisory focused on water systems EPA Joint Advisory. The warning emphasizes that Iranian-affiliated cyber threats are causing the exploitation and disruption of operational technology at drinking water and wastewater systems.
EPA Assistant Administrator for Water Jess Kramer stated that these threats are a serious concern for the nation’s water infrastructure and the various sectors—including hospitals and businesses—that rely on these lifeline services. The risk is not merely technical; it is a matter of public safety. EPA Assistant Administrator for Enforcement and Compliance Assurance Jeffrey A. Hall noted that a single breach in these systems could potentially disrupt water treatment or introduce contaminants, which would directly threaten public health and erode community trust.
What So for Infrastructure Operators
The shift toward targeting PLCs indicates a move from traditional data theft (espionage) toward “operational disruption.” When hackers target the logic controllers, they are no longer just stealing files; they are attempting to manipulate the physical world. For a wastewater plant, this could mean the failure of a filtration process; for an energy provider, it could mean the unexpected shutdown of a power component.
The EPA is currently working to ensure compliance with safety, maintenance, and security requirements to correct vulnerabilities and disrupt these attacks. Water systems are being urged to adopt cybersecurity best practices immediately to ensure the continued delivery of clean and safe water.
The Broader Context of Iranian Cyber Operations
The U.S. Government continues to monitor and provide guidance on threats originating from the Iranian state. CISA maintains a dedicated overview of Iran-affiliated threats to help critical infrastructure and government partners defend their networks CISA Iran Threat Overview.
The current wave of attacks is characterized by the targeting of “Advanced Persistent Threats” (APTs), which are typically state-sponsored groups that possess the resources and patience to conduct long-term campaigns. By infiltrating the industrial automation processes of the energy and government sectors, these actors can create leverage or cause instability within the U.S. Domestic infrastructure.
Key Takeaways for Organizations
- Targeted Hardware: The primary focus is on Programmable Logic Controllers (PLCs) that bridge the gap between software and physical machinery.
- Affected Sectors: Critical impacts have been seen in Wastewater Systems (WWS), Energy, and Government Services.
- Potential Risks: Outcomes include operational disruption, financial loss, and threats to public health via water contamination or treatment failure.
- Official Guidance: Organizations are encouraged to report incidents to the FBI or CISA via the Incident Reporting System.
As these threats evolve, the focus remains on resilience and the rapid correction of vulnerabilities. Federal agencies are continuing to coordinate with law enforcement to hold those responsible for these disruptions accountable.
Official updates and technical guidance for infrastructure operators are available through the CISA and EPA reporting portals. We encourage readers to share this information with professionals in the industrial and utility sectors to increase awareness of these vulnerabilities.