US warns of Iran-affiliated cyber-attacks on critical infrastructure across country

Top government security agencies issued a warning of Iran-affiliated cyber-attacks on critical infrastructure across the US on Tuesday. In a joint statement, the agencies said municipalities, especially in the water and energy sectors, should be on the lookout for unusual activity.

“Cyberattacks on drinking water and wastewater systems directly threaten public health and community resilience,” Jeffrey Hall, an assistant administrator for enforcement and compliance assurance for the Environmental Protection Agency (EPA), said in a statement. “A single breach can disrupt treatment or introduce contaminants, damage equipment, and erode public trust.”

The notice did not detail whether specific facilities had been targeted or any damage had been sustained. The agencies that issued the joint advisory include the EPA, the FBI, the Cybersecurity and Infrastructure Security Agency, the National Security Agency, the Department of Energy and the US Cyber Command.

The warning came as Donald Trump has stepped up violent rhetoric against Iran, posting on social media in the early morning hours on Tuesday that “a whole civilization will die tonight, never to be brought back again” if the Middle Eastern country didn’t give into his demands. He gave Iran a deadline of Tuesday evening to reopen the strait of Hormuz, which culminated with the president agreeing to a two-week ceasefire subject to the “COMPLETE, IMMEDIATE, and SAFE OPENING” of the strait.

Iran has been accused for years of carrying out cyber-attacks on various countries, including a massive power outage in Turkey in 2015 and several possible breaches of Israeli government websites in 2022. The US alleged an Iran-affiliated group known as “CyberAv3ngers” carried out a campaign against it in 2023 that compromised at least 75 devices in multiple infrastructure sectors.

Iran has also accused the US and Israel of carrying out several cyber-attacks against it, including on its nuclear centrifuges and its weapons systems.

Tuesday’s advisory alleged that the hackers are backed by Iran’s Islamic Revolutionary Guard Corps. It said the attacks were focusing on a widely used device called a “programmable logic controller” that’s specifically made by the company Rockwell Automation. Siemens, which also makes these devices, was not named.

The government agencies urged any municipalities using these devices to make sure they are not connected to the internet.