FBI, Pentagon warn of Iran hacking groups targeting operational technology

Iran-affiliated hackers have been attacking internet-facing operational technology devices—particularly Rockwell/Allen-Bradley PLCs and potentially Siemens equipment—causing operational disruptions and financial losses across multiple U.S. critical infrastructure sectors. U.S. agencies link the activity to IRGC-associated APTs that have exploited CVE-2021-22681 and urge removing OT devices from direct internet exposure and checking logs for suspicious traffic. #IRGC #CVE-2021-22681

Keypoints

  • Iran-affiliated threat actors are targeting internet-connected OT devices, including Rockwell/Allen-Bradley PLCs and possibly Siemens gear.
  • Attacks have caused operational disruption and financial loss across municipal governments, water/wastewater systems, and the energy sector.
  • Federal agencies identified exploitation of CVE-2021-22681 and ordered federal agencies to patch affected Rockwell products.
  • Advisory links the campaign to prior 2023–2024 IRGC-related PLC intrusions and notes at least 75 devices were compromised in the earlier campaign.
  • Agencies recommend removing PLCs and OT from direct internet exposure, monitoring logs for suspicious traffic, and applying vendor patches immediately.
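
One way to act on the log-monitoring and internet-exposure recommendations above, as an added example that is not from the advisory or the original article: it scans firewall log lines for connections from outside the internal address space to PLC protocol ports. The log format, addresses and internal-network list are constructed assumptions; the ports (TCP 44818 and UDP 2222 for EtherNet/IP, TCP 102 for Siemens S7) are the protocols' well-known defaults, not values stated on this page.

```python
import ipaddress

# Assumption: protocol default ports, not values taken from this page.
OT_PORTS = {
    ("tcp", 44818): "EtherNet/IP (Rockwell/Allen-Bradley)",
    ("udp", 2222): "EtherNet/IP I/O (Rockwell/Allen-Bradley)",
    ("tcp", 102): "S7comm over ISO-TSAP (Siemens)",
}
# Assumption: the site's internal ranges; anything else counts as external.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample log (hypothetical format: time action proto src:port dst:port).
SAMPLE_LOG = """\
2024-01-01T00:00:01Z ALLOW tcp 198.51.100.23:51544 10.20.0.5:44818
2024-01-01T00:00:02Z ALLOW tcp 10.20.0.40:49200 10.20.0.5:44818
2024-01-01T00:00:03Z DENY tcp 203.0.113.77:40112 10.20.0.9:102
2024-01-01T00:00:04Z ALLOW tcp 203.0.113.77:40113 10.20.0.80:443
truncated line without fields
2024-01-01T00:00:06Z ALLOW udp 198.51.100.23:2222 10.20.0.5:2222
"""

def parse_line(line):
    """Return (ts, action, proto, src_ip, dst_ip, dst_port) or None if malformed."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, action, proto, src, dst = parts
    try:
        src_ip = ipaddress.ip_address(src.rsplit(":", 1)[0])
        dst_ip, dst_port = dst.rsplit(":", 1)
        return ts, action.upper(), proto.lower(), src_ip, dst_ip, int(dst_port)
    except ValueError:
        return None

def find_external_ot_access(log_text):
    """List connections from external sources to PLC protocol ports."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed lines instead of aborting the scan
        ts, action, proto, src_ip, dst_ip, dst_port = rec
        service = OT_PORTS.get((proto, dst_port))
        if service and not any(src_ip in net for net in INTERNAL_NETS):
            # ALLOW means the PLC was reachable; DENY means probing was blocked.
            status = "REACHABLE" if action == "ALLOW" else "blocked"
            findings.append((status, ts, str(src_ip), dst_ip, dst_port, service))
    return findings

if __name__ == "__main__":
    for f in find_external_ot_access(SAMPLE_LOG):
        print(*f)
```

Any `REACHABLE` finding marks a controller that is exposed to the internet and should be moved behind a VPN or jump host; `blocked` findings show the perimeter working but are still worth tracking as probing.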

Read More: https://therecord.media/fbi-pentagon-warn-iran-hacking-groups-target-ot