Federal agencies including the Cybersecurity and Infrastructure Security Agency, FBI, National Security Agency, Energy Department, and U.S. Cyber Command have issued a joint advisory warning that Iranian hackers are actively breaking into U.S. industrial control systems, with the intent to disrupt American infrastructure [1]. The hackers, identified as 'Iran-affiliated advanced persistent threat (APT) actors,' have compromised internet-facing tools made by Rockwell Automation, a Milwaukee-based manufacturer of industrial control systems [1]. These breaches have resulted in 'disruptions across several U.S. critical infrastructure sectors,' including government services, water and wastewater services, and the energy sector [1].
The advisory notes that the attacks have led to 'operational disruption and financial loss' for affected victims, though it does not specify which companies have been targeted or the severity of the disruptions [1]. The hackers have specifically exploited Rockwell's Studio 5000 Logix Designer, a customizable program used to control industrial systems [1]. Rockwell Automation did not immediately respond to requests for comment regarding the incidents [1].
This warning is the first public advisory concerning domestic critical infrastructure threats since the U.S. war with Iran began in February 2026 [1]. The advisory arrives amid escalating tensions, with President Donald Trump threatening severe retaliation against Iran if a deal to reopen the Strait of Hormuz is not reached [1]. Officials have indicated that the Pentagon has prepared a list of infrastructure targets in Iran, used by both military and civilian sectors, should military action be ordered [1].
Since the onset of the conflict, Iran has publicly claimed evidence for only one significant cyberattack against a U.S. company, which targeted Stryker, a Michigan medical tech company [1]. Previous incidents include hackers using the pseudonym 'CyberAv3nger' breaking into at least 75 devices in late 2023, though no significant damage to American water or wastewater operations was publicly reported [1]. Agencies recommend that vulnerable internet-connected controllers be taken offline to mitigate risk [1].
CONCLUSION
Federal agencies have confirmed that Iranian hackers are actively targeting U.S. industrial control systems, causing operational disruptions and financial losses across critical infrastructure sectors. The advisory underscores heightened cybersecurity risks amid escalating U.S.-Iran tensions, with recommendations for immediate mitigation measures. The market impact is high due to the potential threat to essential services and infrastructure.