U.S. intelligence and federal cybersecurity agencies have issued urgent warnings to private-sector operators that Iranian-linked cyber actors are actively targeting critical U.S. infrastructure, according to a government notice. The campaign, which officials say has already caused disruptions, is part of an escalating wave of cyber operations affecting energy, water, and industrial systems across the country and is being closely monitored by multiple federal agencies working with industry partners.
The advisory, jointly issued by the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency, the Department of Energy, the Environmental Protection Agency, and U.S. Cyber Command, states that Iranian actors have been exploiting industrial control systems used across essential services. The notice specifically highlights attacks involving programmable logic controllers widely deployed in U.S. critical infrastructure, including systems tied to Rockwell Automation’s Allen-Bradley products, a major industrial automation platform used in manufacturing and utilities.
The Environmental Protection Agency warned that the activity has already affected operational technology used in drinking water and wastewater systems. EPA Assistant Administrator Jeffrey A. Hall said, “Cyberattacks on drinking water and wastewater systems directly threaten public health and community resilience.” He added that “a single breach can disrupt treatment or introduce contaminants, damage equipment, and erode public trust,” underscoring the potential real-world consequences of cyber intrusions into physical infrastructure systems.
Industry executives across energy, water, transportation, and communications sectors have increased monitoring and defensive posture amid concerns that geopolitical tensions could translate into expanded cyber retaliation. Former Energy Secretary Ernest Moniz noted, “There remains concern about Iranian cyber capabilities and retaliation if the U.S. carries through on threats to attack their infrastructure.” He also warned that “there may already be backdoors, Trojan horses and malware hidden in our infrastructure,” reflecting growing fears of latent access within operational technology networks.
The current alert builds on a long history of cyber intrusions targeting U.S. infrastructure. In 2015, Iran-linked hackers reportedly accessed systems tied to Calpine Corp., one of California’s largest power producers, obtaining engineering diagrams and credentials marked “mission critical.” Since then, utilities and telecom operators have strengthened defenses, though officials and executives acknowledge that offensive cyber capabilities have also evolved among state actors.
Security experts also point to broader risks involving other advanced cyber powers, including Russia and China, which have previously been linked to sophisticated, long-dwell intrusions such as Volt Typhoon and Salt Typhoon. Analysts warn that such operations can embed malware within infrastructure networks for years before activation, creating risks of delayed or coordinated disruption during periods of geopolitical conflict.
Recent incidents underscore the continuing vulnerability of critical systems, including a cyber intrusion that forced part of the Los Angeles Metro transit network offline while investigators assessed unauthorized activity. Federal officials, including the FBI and Homeland Security partners, continue to coordinate with local operators, as industry leaders emphasize that roughly 85% of U.S. critical infrastructure remains under private-sector control and therefore reliant on corporate defenses as the first line of cybersecurity protection.
By
By
