US cybersecurity and intelligence agencies have issued a strong joint warning that Iran-backed hackers are actively targeting American critical infrastructure, with a focus on causing operational disruption and financial losses.
In a joint advisory released on April 7, the FBI, Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and the Department of Energy stated that Iranian government-affiliated hackers have escalated their attacks on internet-facing systems in key sectors, including water and wastewater facilities, energy infrastructure, and local government operations.
Iranian hackers escalate amid geopolitical tensions
The agencies noted that the hackers are specifically targeting programmable logic controllers (PLCs) and Supervisory Control and Data Acquisition (SCADA) systems, the industrial equipment used to control physical machinery and processes. The attackers have been able to manipulate device displays and interact maliciously with critical configuration files, potentially leading to real-world disruptions.
This marks a significant escalation in tactics by Iranian-linked groups, widely believed to be a response to the ongoing US-Israel conflict with Iran that began in late February 2026. The advisory comes shortly after US President Donald Trump issued strong warnings to Iran regarding the Strait of Hormuz.
The hackers have focused on operational technology (OT) environments in critical infrastructure. According to the advisory, successful attacks have already resulted in operational disruptions and financial losses at multiple facilities, though specific victims were not publicly named.
A pro-Iranian hacking group known as Handala has been linked to several recent high-profile attacks, including a disruptive breach at medical technology company Stryker and the leak of sensitive emails.
US Govt shares recommendations for organisations
The US agencies urged critical infrastructure operators to take immediate defensive actions, including:
– Securing internet-facing industrial control systems
– Implementing strong network segmentation
– Regularly updating and patching systems
– Monitoring for unusual activity on OT devices
– Using multi-factor authentication and strong password policies
The advisory highlights the growing risk of cyberattacks on critical infrastructure amid rising geopolitical tensions.
