US Agencies Warn Iranian Hackers Are Breaking Into Industrial Systems Across Water, Energy, and Government Networks


US cybersecurity and law-enforcement agencies are warning that Iranian government-linked hackers are actively compromising internet-connected industrial systems in the United States, targeting equipment used in water, wastewater, energy, and government facilities.

Federal warning points to critical infrastructure targets

The warning was issued jointly by the FBI, the National Security Agency, the Cybersecurity and Infrastructure Security Agency, the Environmental Protection Agency, the Department of Energy, and US Cyber Command’s Cyber National Mission Force.

According to TechCrunch, the agencies said Iranian hackers have been exploiting internet-facing systems used across water and wastewater utilities, energy facilities, and local government operations.

The advisory also says the attackers are targeting programmable logic controllers, or PLCs, and supervisory control and data acquisition systems, better known as SCADA, which are used to monitor and control industrial equipment.

The hackers are going after the control layer itself

This is not just a matter of website defacement or stolen files.

The agencies said the hackers were able to manipulate information displayed on affected devices and “maliciously interact with project files” containing critical configurations.

Reuters reported that the actors extracted device project information and altered what operators saw on HMI and SCADA displays. That means the campaign appears aimed at the machinery and interfaces that help run physical infrastructure, not just the office IT around it.

Officials say the activity marks an escalation

US officials are framing the intrusions as part of a broader escalation.

The agencies view the activity as a more aggressive phase of Iran-backed cyber operations. The hacking has escalated since the start of the war, with officials linking the activity to rising hostilities.

The advisory came shortly after President Donald Trump issued a threat to Iran in a social media post, adding a charged political backdrop to the cyber warning.

The agencies did not publicly name the victims, but the tone of the warning was unusually direct. The advisory said the activity is intended to create disruption inside the United States.

The affected sectors include government services, water and wastewater services, and energy. That makes the alert notable not just for its source, but for the fact that officials are describing real-world consequences rather than hypothetical risks.

A familiar weakness: exposed industrial devices

The government warning also highlights an old problem that keeps returning: industrial systems connected directly to the public internet.

The attackers are exploiting exposed systems, and the campaign is focused on vulnerable PLC and SCADA environments.

In other words, the threat is not only Iran’s capability. It is also the persistence of operational technology that remains reachable from outside networks despite years of warnings from security experts.

What the warning means now

For now, the agencies are urging operators to review the advisory promptly and harden exposed systems.

The alert warns that these attacks are already causing disruption, and the focus on control systems raises the stakes well beyond ordinary network intrusion.

The message from Washington is blunt: this is not just about stealing information. It is about interfering with the digital systems that help run essential services — and in some cases, officials say, that interference is already happening.
