In Brief:
- Federal agencies warned on 7 April that Iranian-affiliated actors were targeting publicly exposed PLCs and related control environments.
- The activity has caused operational disruption and financial loss in some cases across several U.S. critical infrastructure sectors.
- NERC said it is actively monitoring the grid with the Department of Energy and the Electricity Subsector Coordinating Council.

NERC said it is actively monitoring the grid after a U.S. cyber advisory warned that Iranian-affiliated actors are targeting publicly exposed programmable logic controllers and related control environments across several critical infrastructure sectors, including energy.
The advisory, issued on 7 April by CISA, the FBI, the NSA, the Environmental Protection Agency, the Department of Energy, and U.S. Cyber Command’s Cyber National Mission Force, described activity affecting PLCs, supervisory control and data acquisition displays, and human-machine interface data. In some cases, the activity has already caused operational disruption and financial loss.
The agencies said the campaign has involved malicious interactions with controller software and configuration settings, alongside attempts to alter display data and extract project files from targeted systems. NERC said it is coordinating with the Department of Energy and the Electricity Subsector Coordinating Council as it tracks the situation.
The advisory identifies internet-reachable control assets as the primary attack surface. It was issued as U.S. agencies said that Iranian hacking campaigns targeting equipment used across multiple critical infrastructure sectors had escalated in response to hostilities. The full notice is available on CISA’s advisory page.


