The U.S. government has issued a warning that Iran-backed hackers are intensifying their methods by targeting American critical infrastructure systems to create disruptions.
In a joint advisory released on Tuesday, the FBI, the National Security Agency, the U.S. cybersecurity agency CISA, and the U.S. Department of Energy warned that Iranian government hackers have been exploiting internet-facing systems across several sectors, including water and waste-water utilities, energy, and local government facilities. The agencies did not specify targets but indicated the hacks aimed to cause “disruptive effects within the United States” and have already led to “operational disruption and financial loss.”
The hackers targeted programmable logic controllers and supervisory control and data acquisition (SCADA) products, used to control and manage industrial equipment and systems in critical infrastructure operations. The agencies stated that the hackers could manipulate information displayed and maliciously interact with project files containing important device configurations.
These hacks represent a marked escalation in the tactics of Iranian hackers, likely in response to the U.S.-Israel conflict with Iran, which began on February 28 with air strikes killing the country’s leader.
The advisory follows U.S. President Trump’s social media threat earlier on Tuesday, stating, “A whole civilization will die tonight” if Iran does not agree to a deal with the U.S. to open the Strait of Hormuz by the end of the day.
Since the conflict began, an Iranian government-backed hacking group called Handala has been tied to multiple high-profile cyberattacks. This includes a breach at U.S. medical tech giant Stryker, where the hackers remotely wiped thousands of employee devices using the company’s own security tools.
The FBI recently accused the Handala hackers of leaking parts of FBI director Kash Patel’s private email account.
Iran has also targeted several U.S.-owned and operated data centers in the region with missiles and air strikes, causing instability and disruption to regional cloud services.