Iranian hackers are targeting American critical infrastructure, US agencies warn

The U.S. government is warning that Iran-backed hackers are escalating their tactics by targeting American critical infrastructure systems with the aim of causing disruption.

In a joint advisory published Tuesday, the FBI, the National Security Agency, the U.S. Cybersecurity and Infrastructure Security Agency (CISA), and the U.S. Department of Energy collectively warned that Iranian government hackers have been exploiting internet-facing systems used across a range of sectors. These include water and wastewater utilities, as well as energy and local government facilities. The agencies did not specifically name any of the targets but said that the hacks were aimed at causing “disruptive effects within the United States” and had already resulted in “operational disruption and financial loss.”

The hackers targeted programmable logic controllers and supervisory control and data acquisition (SCADA) products, which are used to control and manage industrial equipment and systems in critical infrastructure operations, the agencies said. The agencies said that the hackers were able to manipulate information displayed on these devices and maliciously interact with project files that store important device configurations.

The agencies said that the hacks targeting critical infrastructure are a marked escalation in tactics by Iranian hackers, likely in response to the U.S.-Israel war with Iran, which began on February 28 with air strikes that killed the country’s leader. 

The advisory also comes shortly after U.S. president Donald Trump threatened Iran in a social media post earlier on Tuesday, writing, “A whole civilization will die tonight” if Iran does not capitulate to a deal with the United States to open the Strait of Hormuz, a key chokepoint for global shipping traffic, by end of day.

Since the start of the war, an Iranian government-backed hacking group called Handala has been linked to several high-profile cyberattacks, including a disruptive breach at U.S. medical tech giant Stryker, which saw the hackers remotely wipe thousands of employee devices using the company’s own security tools. 

The FBI recently blamed the Handala hackers for leaking the partial contents of FBI director Kash Patel’s private email account. 

Iran has also hit several U.S.-owned and operated data centers across the region with missiles and air strikes, causing instability and disruption to cloud services across the region.