Critical Alert: Iranian-Affiliated Actors Target U.S. Infrastructure via Industrial Control Systems

U.S. federal agencies warn that Iranian-affiliated APT actors are compromising internet-facing Rockwell Automation/Allen‑Bradley PLCs to manipulate HMI and SCADA displays, causing operational disruptions across Energy, Water and Wastewater Systems, and Government Facilities. Attackers use leased overseas infrastructure and legitimate tools like Studio 5000 Logix Designer and Dropbear SSH to maintain access, and agencies urge immediate defensive actions such as disconnecting PLCs and using secure gateways. #RockwellAutomation #CyberAv3ngers

Key points

  • Iranian-affiliated APTs are actively targeting internet-exposed Rockwell Automation/Allen‑Bradley PLCs.
  • Actors manipulate project files and HMI/SCADA displays to mask malicious logic changes and cause operational disruption.
  • Primary vectors include direct internet exposure and use of legitimate software like Studio 5000 Logix Designer and Dropbear SSH.
  • Confirmed impacts span Energy, Water and Wastewater Systems, and Government Facilities, with potential targeting of Siemens S7 via common OT ports.
  • Agencies recommend disconnecting PLCs from the public internet, using secure gateways or jump hosts, setting controllers to Run, and monitoring ports such as 44818, 2222, 102, and 502.
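One way to act on the port-monitoring recommendation above, shown as an added example that is not taken from the agencies' advisory or the source article: a small Python check that reads firewall connection records and reports any source other than an approved jump host reaching the listed OT ports. The log format, the `10.0.0.0/8` internal range, the jump host address, and the protocol labels are assumptions made for the example.

```python
import ipaddress

# Ports named in the key points; the protocol labels are added for readability.
OT_PORTS = {44818: "EtherNet/IP", 2222: "EtherNet/IP I/O",
            102: "ISO-TSAP (Siemens S7)", 502: "Modbus/TCP"}
# Assumptions: site address space and the single approved jump host.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
JUMP_HOSTS = {ipaddress.ip_address("10.20.0.5")}

# Constructed sample records: "timestamp src_ip src_port dst_ip dst_port action"
SAMPLE_LOG = """\
2025-01-01T00:00:01Z 10.20.0.5 51000 10.30.1.10 44818 ALLOW
2025-01-01T00:00:02Z 203.0.113.7 40222 10.30.1.10 44818 ALLOW
2025-01-01T00:00:03Z 198.51.100.9 40223 10.30.1.11 502 DENY
2025-01-01T00:00:04Z 10.40.2.8 51515 10.30.1.10 2222 ALLOW
2025-01-01T00:00:05Z 203.0.113.7 40224 10.30.1.12 443 ALLOW
malformed line
"""

def classify(line):
    """Return (src, dst_port, origin, action) for a reportable record, else None."""
    parts = line.split()
    if len(parts) != 6:
        return None  # skip records that do not match the assumed format
    _ts, src, _sport, _dst, dport, action = parts
    try:
        src_ip, port = ipaddress.ip_address(src), int(dport)
    except ValueError:
        return None
    if port not in OT_PORTS or src_ip in JUMP_HOSTS:
        return None  # not an OT port, or traffic from the approved jump host
    # Explicit membership test: is_private would also match documentation
    # ranges such as 203.0.113.0/24, so it is not used here.
    internal = any(src_ip in net for net in INTERNAL_NETS)
    origin = "internal-not-jump-host" if internal else "external"
    return (src, port, origin, action)

def findings(log_text):
    """Classify every line and keep only the reportable ones."""
    return [hit for hit in map(classify, log_text.splitlines()) if hit]

if __name__ == "__main__":
    for src, port, origin, action in findings(SAMPLE_LOG):
        # An ALLOW from an external source means the controller is reachable
        # from the internet; a DENY is still worth recording as a probe.
        level = "HIGH" if action == "ALLOW" else "INFO"
        print(f"[{level}] {origin} {src} -> {port} ({OT_PORTS[port]}) {action}")
```

An allowed connection from an external source is the case the advisory's disconnect guidance targets; an internal source that is not the jump host points to a gap in segmentation.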

Read More: https://securityonline.info/iranian-apt-targeting-us-critical-infrastructure-ot-plcs/