The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

Iran-Linked PLC Exploitation Expands Across US Critical Infrastructure

Apr 17, 2026 2:14:36 PM / by The Hivemind posted in Threat Bulletin, Iran cyber attacks, PLC exploitation, Iranian hackers critical infrastructure, Rockwell PLC vulnerability, Allen Bradley cyber attack, SCADA manipulation, water infrastructure cyber attack, OT cybersecurity threat

0 Comments

Verticals Targeted: Critical Infrastructure, ONG, Electricity, Water, Government
Regions Targeted: US
Related Threat Actors: CyberAv3ngers, Static Kitten, Refined Kitten, Helix Kitten, Banished Kitten

Executive Summary

A joint US government advisory confirmed that Iran-affiliated cyber actors are actively exploiting internet-facing industrial control systems, particularly Rockwell Automation/Allen-Bradley PLCs, across US critical infrastructure. The activity has resulted in operational disruption, manipulation of HMI/SCADA data, and financial loss in sectors including water, energy, and government facilities. The campaign reflects a continuation of Iran’s established OT targeting playbook, prioritizing exposed industrial assets over sophisticated intrusion chains. Recent activity indicates a shift from defacement and signaling toward direct process interference, increasing the risk of real-world operational impact during periods of geopolitical tension.

Read More
All posts

Subscribe to Email Updates

Lists by Topic

see all

Posts by Topic

See all

Recent Posts

Join the Marketplace

For Enterprises and Businesses

Learn More

For Security Experts and AV Companies

Learn More