• Home
  • News
    • Global Operations
      • Asia
      • Africa
      • Europe
      • Latin America
      • Middle East
      • North America
    • Industry
      • Asia
      • Africa
      • Europe
      • Latin America
      • Middle East
      • North America
      • Oceana
    • Special Interest
      • Asia
      • Africa
      • Europe
      • Latin America
      • Middle East
      • North America
      • Oceana
  • Market
    • Wired to Win
    • SOFX.NET
  • Intelligence
    • USMC Deception Manual
  • Resources
    • Contact Us
    • About Us
    • Editorial Policy
    • Privacy Policy
  • Home
  • News
    • Global Operations
      • Asia
      • Africa
      • Europe
      • Latin America
      • Middle East
      • North America
    • Industry
      • Asia
      • Africa
      • Europe
      • Latin America
      • Middle East
      • North America
      • Oceana
    • Special Interest
      • Asia
      • Africa
      • Europe
      • Latin America
      • Middle East
      • North America
      • Oceana
  • Market
    • Wired to Win
    • SOFX.NET
  • Intelligence
    • USMC Deception Manual
  • Resources
    • Contact Us
    • About Us
    • Editorial Policy
    • Privacy Policy
Login
Join Free
Home
Asia
Africa
Europe
Latin America
Middle East
North America
Asia
Africa
Europe
Latin America
Middle East
North America
Asia
Africa
Europe
Latin America
Middle East
North America
Coming Soon
Job Board
Events
Contact Awards
USMC Deception Manual
Login
Join Free
Home Global Operations

Federal Agencies Warn of Iranian Hackers Targeting Rockwell PLCs After Mandatory Patch Deadline Lapsed

  • SOFX Staff Writer
  • April 8, 2026
(Mehaniq / Shutterstock)
Share on FacebookShare on TwitterLinkedIn

Iran-affiliated hackers are targeting internet-exposed Rockwell Automation programmable logic controllers (PLCs) across U.S. energy, water, and government networks, exploiting a vulnerability that federal agencies ordered patched by March 26, according to a joint advisory issued Tuesday.

🚨 Iranian-affiliated cyber actors are targeting internet-connected OT devices, including Rockwell Automation/Allen-Bradley PLCs, across #CriticalInfrastructure sectors. Review our joint #Cybersecurity Advisory for IOCs & mitigations. 👉 https://t.co/DO9mqoXpLF pic.twitter.com/r9NJDSfaRr

— CISA Cyber (@CISACyber) April 7, 2026


The Cybersecurity and Infrastructure Security Agency (CISA), FBI, NSA, Environmental Protection Agency (EPA), Department of Energy (DOE), and U.S. Cyber Command’s Cyber National Mission Force (CNMF) jointly assessed that “Iranian-affiliated advanced persistent threat (APT) actors,” sophisticated hacker groups linked to state military or intelligence services, are targeting Rockwell’s Studio 5000 Logix Designer software and Allen-Bradley PLCs “to cause disruptive effects within the United States.”

CISA added CVE-2021-22681, an authentication bypass flaw in Studio 5000 involving hardcoded keys, to its Known Exploited Vulnerabilities (KEV) catalog on March 5. This established a mandatory federal remediation deadline of March 26, yet exploitation persists.

Acting CISA Director Nick Andersen noted as recently as mid-March that the agency had “not seen a rise in threat actor activity” linked to Iran.

Hackers manipulated human-machine interface (HMI) and supervisory control and data acquisition (SCADA) display data, extracted device project files, and caused operational disruption and financial losses in some cases, the advisory states.

CISA joint advisory today: Iranian APT actors actively compromising internet-exposed PLCs in US water, energy, and government sectors.

No exploit needed. They used Rockwell’s own engineering software. Control logic extracted. SCADA displays falsified.

Full analysis:… pic.twitter.com/FHW10ck8Mj

— Picus Security (@PicusSecurity) April 7, 2026


Kimberly Mielcarek, vice president of the North American Electric Reliability Corporation (NERC), said the organization dispatched an “all-points bulletin” to energy sector members.

“Our Watch Operations team is actively monitoring the grid, while we continue to coordinate closely with the Department of Energy, the Electricity Subsector Coordinating Council, and our federal and provincial partners,” Mielcarek said.

Ed Moreland, Rockwell Automation’s vice president of government affairs and corporate communications, said the company “takes seriously the security of its products and solutions and has been closely coordinating with government agencies.”

The advisory is the first public domestic infrastructure warning since U.S. and Israeli forces struck Iran on February 28.

The campaign mirrors a 2023 operation by CyberAv3ngers, affiliated with Iran’s Islamic Revolutionary Guard Corps (IRGC), that compromised Israeli-made Unitronics control panels at Pennsylvania water facilities. The pattern is consistent with Iranian targeting of infrastructure linked to Israeli-affiliated technology.

SOFX Staff Writer

SOFX Staff Writer

The Editor Staff at SOFX comprises a diverse, global team of dedicated staff writers and skilled freelancers. Together, they form the backbone of our reporting and content creation.

Subscribe
Login
Notify of
guest
guest
0 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
ADVERTISEMENT

Trending News

Ukraine Said to Deploy AI Drones That Identify Human Targets via Facial and Heat Signatures

Ukraine Said to Deploy AI Drones That Identify Human Targets via Facial and Heat Signatures

by SOFX Staff Writer
May 22, 2026
0

Russian military bloggers claim Ukraine has started deploying drones equipped with artificial intelligence systems capable of identifying and guiding themselves...

Iran’s ‘Jellyfish’ Drone Swarm Reveals Tech Leap to Global Military Analysts

Iran’s ‘Jellyfish’ Drone Swarm Reveals Tech Leap to Global Military Analysts

by SOFX Staff Writer
June 25, 2026
0

The F-15E Strike Eagle pilot rescued from Iran in April told U.S. intelligence officials he observed multiple Iranian drones moving...

Supreme Court Says Geofence Location Sweeps Count as Fourth Amendment Searches

Supreme Court Says Geofence Location Sweeps Count as Fourth Amendment Searches

by SOFX Staff Writer
June 30, 2026
0

The U.S. Supreme Court on Monday ruled that law enforcement's use of geofence warrants is subject to Fourth Amendment protections,...

Republic of Korea Air Force military police members set up a mobile communication center during an active shooter training event at Daegu Air Base, ROK, April 24, 2023. Before the training event, evaluators ran through the training in a ‘table top’ format. (U.S. Air Force photo by Airman 1st Class Aaron Edwards)

An In-depth Look at Hong Kong’s Special Duties Unit

by SOFX Staff Writer
September 2, 2023
0

The Special Duties Unit (SDU), colloquially known as the ‘Flying Tigers’, is Hong Kong's premier police unit, trained to handle...

ADVERTISEMENT
ADVERTISEMENT
Next Post
Three Gunmen Attack Israeli Consulate in Istanbul in Suspected ISIS Strike

Three Gunmen Attack Israeli Consulate in Istanbul in Suspected ISIS Strike

Gunfire Targets Indianapolis Councilor After Publicly Supporting Controversial $500M Data Center Project

Gunfire Targets Indianapolis Councilor After Publicly Supporting Controversial $500M Data Center Project

997 Morrison Dr. Suite 200, Charleston, SC 29403

News

  • Global Operations
  • Special Interest
  • Industry
  • Global Operations
  • Special Interest
  • Industry

Resources

  • About Us
  • Contact Us
  • Advertise with Us
  • Editorial Policy
  • Privacy Policy
  • About Us
  • Contact Us
  • Advertise with Us
  • Editorial Policy
  • Privacy Policy
No Result
View All Result
  • Home
  • News
    • Global Operations
      • Asia
      • Africa
      • Europe
      • Latin America
      • Middle East
      • North America
    • Industry
      • Asia
      • Africa
      • Europe
      • Latin America
      • Middle East
      • North America
      • Oceana
    • Special Interest
      • Asia
      • Africa
      • Europe
      • Latin America
      • Middle East
      • North America
      • Oceana
  • Market
    • Wired to Win
    • SOFX.NET
  • Intelligence
    • USMC Deception Manual
  • Resources
    • Contact Us
    • About Us
    • Editorial Policy
    • Privacy Policy
Subscribe
This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.

Log in to your account

Lost your password?
wpDiscuz