Iranian state-sponsored hackers are actively targeting and compromising critical infrastructure systems across the United States, according to a joint advisory issued on Tuesday by the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Department of Energy. The agencies warned that the hackers are exploiting internet-facing industrial control systems with the intent to cause operational disruption.

The advisory states that the campaign has impacted multiple sectors, including water and wastewater systems, the energy sector, and local government facilities. While specific entities were not named, the agencies confirmed the attacks have already resulted in "operational disruption and financial loss" for some victims.

Escalation in Tactics and Techniques

The hackers are specifically targeting programmable logic controllers (PLCs) and supervisory control and data acquisition (SCADA) devices, which are used to manage physical industrial processes. The advisory details that the attackers have been able to manipulate information displayed on human-machine interfaces and maliciously interact with critical project files, potentially allowing them to alter system operations.

U.S. officials assess this represents a marked escalation in tactics by Iranian cyber actors. The advisory links this increased aggression to the ongoing U.S.-Israel conflict with Iran, which began with air strikes on February 28.

Context of Regional Conflict

The warning follows a social media post by U.S. President Donald Trump on Tuesday threatening Iran, stating "A whole civilization will die tonight" if it does not agree to a U.S. deal to open the Strait of Hormuz by the end of the day. The strait is a vital global shipping chokepoint.

Since the outbreak of hostilities, the Iranian hacking group known as Handala has been linked to several high-profile cyber incidents. These include a disruptive breach at U.S. medical technology firm Stryker, where hackers used the company's own security tools to remotely wipe thousands of employee devices.

The FBI has also recently attributed the leak of partial contents from FBI Director Kash Patel's private email account to the Handala group.

Broader Campaign of Disruption

Beyond cyber operations, Iran has conducted missile and air strikes against U.S.-owned and operated data centres in the region, causing instability and disruption to cloud services. The joint advisory underscores a multi-faceted campaign aimed at undermining U.S. and allied infrastructure both digitally and physically.

The agencies urge all critical infrastructure organisations to review the detailed technical indicators and mitigation strategies contained in the full advisory to bolster their defences against these ongoing threats.