United States officials are warning that hackers backed by Iran are going on the offensive and have been attacking critical infrastructure systems in the United States in an attempt to disrupt them.
In a joint advisory, the FBI, the National Security Agency, the US Cybersecurity and Infrastructure Security Agency (CISA), and the US Department of Energy warned that Iranian government hackers have been exploiting internet-facing systems used by a range of industries, including water and wastewater utilities, energy, and local government facilities.
The agencies did not name any specific targets, but said the hacks were intended to cause “disruptive effects within the United States” and have already caused “operational disruption and financial loss.”
The hackers exploited programmable logic controllers and supervisory control and data acquisition (SCADA) products, which are used to control and manage industrial equipment and systems in critical infrastructure operations, the agencies said.
The agencies said the hackers manipulated information displayed on those devices and maliciously interacted with project files that store important device configurations.
The hacks targeting critical infrastructure represent a significant escalation in tactics by Iranian hackers, likely in retaliation for the US-Israel war with Iran that began on February 28 with air strikes that killed the country’s leader, the agencies added.
This advisory follows a tweet from US President Donald Trump earlier on Tuesday in which he threatened Iran, saying that “a whole civilisation will die tonight” if Iran did not agree to a deal with the United States to open the Strait of Hormuz, a crucial shipping lane, by the end of the day.
An Iranian government-backed hacking group known as Handala has been tied to several high-profile attacks since the beginning of the war, including a disruptive breach at US medical tech giant Stryker, where hackers remotely wiped 15,000 employee devices using the company’s own security tools.
