The U.S. government has issued a stark warning about an increase in cyberattacks from Iran-backed hackers targeting critical infrastructure within the United States. This advisory, released by the FBI, NSA, CISA, and the Department of Energy, highlights the growing threat posed by these hackers, who are focusing on disrupting essential services such as water utilities, energy, and local government operations. The advisory underscores the seriousness of these attacks, which are part of a broader escalation in tactics by Iranian threat actors.
The advisory comes amidst heightened tensions between the U.S. and Iran, following recent military conflicts and political threats. The conflict, which began with U.S.-Israel air strikes on Iran, has seen a corresponding rise in cyber activities attributed to Iranian hackers. The hackers, identified as part of the Handala group, have been linked to several high-profile cyber incidents, including attacks on U.S. medical technology companies and data centers, causing significant disruptions.
On the technical side, the hackers are exploiting vulnerabilities in internet-facing systems, particularly those involving programmable logic controllers (PLCs) and SCADA systems. These systems are crucial for managing industrial operations, and the attackers are manipulating them to cause operational disruptions. The hackers have been able to alter the information displayed on these devices and interact with project files that contain critical configurations, which poses a significant risk to infrastructure stability.
The impact of these cyberattacks is profound, with the potential to cause widespread disruption and financial losses across affected sectors. The advisory indicates that these attacks are not only a response to geopolitical tensions but also a strategic move to destabilize U.S. infrastructure. The recent cyberattack on Stryker, a major U.S. medical tech company, exemplifies the severity of these threats, as hackers managed to remotely wipe thousands of devices.
In light of these developments, organizations within the targeted sectors are urged to bolster their cybersecurity defenses. This includes implementing robust security measures, conducting regular system audits, and ensuring that all software and systems are up to date with the latest security patches. Additionally, organizations should remain vigilant and prepared to respond swiftly to any signs of cyber intrusion to minimize potential damage and maintain operational continuity.
Source: https://techcrunch.com/2026/04/07/iranian-hackers-are-targeting-american-critical-infrastructure-u-s-agencies-warn/


