Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Iranian-linked PLC targeting campaign against U.S. critical infrastructure

Campaign
First reported
Last updated
Happening score
H score 36
1 unique sources, 2 articles

Summary

Hide ▲

Iranian-linked hackers are actively targeting Internet-exposed Rockwell/Allen-Bradley PLCs on U.S. critical infrastructure networks, increasing the risk of operational disruption. The campaign has been running since March 2026 and has already caused financial losses and operational disruptions across multiple sectors.

Related Happenings

KNPA deepfake detection tool deployment for election investigations

Security Tool/Service
First: 18.05.2026 04:00 Last: 18.05.2026 04:00 Sources 1

About this happening: South Korea's **National Police Agency (KNPA)** deployed a **deepfake detection tool** in **2024**, strengthening investigative support for **election deepfakes**. The capability...

Open Happening

South Korea enforces election deepfake laws

Public Sector Action
First: 18.05.2026 04:00 Last: 18.05.2026 04:00 Sources 1

About this happening: South Korea will **enforce two laws** on **June 3, 2026** to curb **AI deepfakes** in local political campaigns, creating punishable rules for synthetic election content. The fram...

Open Happening

MuddyWater broad cyber-espionage campaign across sectors and countries

Campaign
First: 14.05.2026 00:59 Last: 14.05.2026 00:59 Sources 1

About this happening: **MuddyWater** was tied to a **2026 espionage campaign** affecting **at least nine organizations** across **nine countries** on **four continents**, with victims in **industrial a...

Open Happening

Internet-exposed Rockwell Automation/Allen-Bradley PLCs concentrated in the United States

Target Trend
First: 10.04.2026 18:52 Last: 10.04.2026 18:52 Sources 1

How related: Censys data identifies 5,219 internet-exposed hosts globally responding to EtherNet/IP (EIP) and self-identifying as Rockwell Automation/Allen-Bradley devices,

About this happening: A measured exposure pattern shows **5,219** internet-facing **Rockwell Automation/Allen-Bradley** PLC hosts worldwide, expanding the attack surface for **industrial control** netw...

Open Happening

Handala post-ceasefire retaliatory cyberattack campaign targeting the U.S. and Israel

Campaign
First: 09.04.2026 04:22 Last: 09.04.2026 04:22 Sources 1

About this happening: **Handala** and other **pro-Iranian hackers** are keeping a retaliatory **cyber campaign** active after the **ceasefire announcement**, leaving **U.S. and Israeli targets** at ong...

Open Happening

Timeline

  1. 07.04.2026 21:02 2 articles · 1mo ago

    Joint agencies warn of Iranian-linked PLC targeting

    Initial Disclosure

    FBI, CISA, NSA, EPA, DOE, and CNMF issue a joint advisory warning that Iranian-linked hackers are targeting Internet-exposed Rockwell/Allen-Bradley PLCs used by U.S. critical infrastructure organizations across sectors including Government Services and Facilities, Water and Wastewater Systems, and Energy. The advisory says the ongoing activity has caused financial losses and operational disruptions since March 2026 and includes extraction of device project files and manipulation of data shown on HMI and SCADA displays.

    Show sources
    Open in new tab