A coalition of U.S. government agencies issued a joint security advisory warning Iranian‑affiliated threat actors are actively targeting U.S. critical infrastructure, with a focus on internet-connected OT/ICS devices and PLCs.

The advisory frames the activity as a notable escalation in Iranian cyber tactics amid broader U.S.-Israel‑Iran tensions and recent regional military actions.

Security officials say hackers have compromised internet-connected industrial control systems, including PLCs used in ports, power plants, water facilities, and municipal utilities, signaling potential critical infrastructure risk.

Some disruptions have forced sites to shut down processes and operate manually, leading to financial losses for victims; in some cases destructive malware or wipers were attempted but not confirmed as successful.

Officials describe the situation as a developing story with ongoing investigations and updates planned.

A reported ransomware incident at a North Dakota water treatment plant is being explored for possible links to the broader campaign, though no formal attribution has been made.

Attackers are exploiting internet‑connected OT devices, specifically PLCs from vendors like Rockwell Automation, to alter display information and disrupt operations.

Hackers have targeted PLCs and SCADA products to manipulate device data and configuration files, risking downtime and safety concerns.

The campaign has targeted OT/ICS to tamper with information and disrupt critical infrastructure across multiple sectors.

No individual organization has publicly claimed responsibility, and the advisory does not disclose which entities were disrupted or lost.

Sectors potentially affected include utilities and other critical infrastructure reliant on ICS, though exact targets remain undisclosed.

Authorities urge municipalities using PLCs to disconnect exposure from the internet and to heighten monitoring for unusual activity.