Iran-Linked Hackers Disrupt U.S. Critical Infrastructure by Targeting Internet‑Exposed PLCs
What Happened – Iranian‑affiliated threat actors have begun scanning for and exploiting internet‑facing programmable logic controllers (PLCs) that manage critical‑infrastructure processes in the United States. The attacks have caused reduced PLC functionality, falsified display data, and in several cases outright operational shutdowns that resulted in financial loss.
Why It Matters for TPRM (third‑party risk management) –
- OT devices are often managed by third‑party vendors; exposure indicates gaps in vendor security hygiene.
- Disruption of critical‑infrastructure services can cascade to downstream suppliers and customers, inflating third‑party risk.
- The use of publicly reachable PLCs highlights a systemic mis‑configuration that many supply‑chain partners may share.
Who Is Affected – Energy & utilities, transportation, telecommunications, and any sector that relies on OT‑controlled processes.
Recommended Actions – Conduct an inventory of all third‑party OT assets, verify that no PLCs are reachable from the internet (check every publicly routable address for PLC protocol and remote‑management ports), enforce network segmentation so PLCs accept connections only from the OT network, and demand proof of hardened configurations from vendors.
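The two technical checks above (no internet‑exposed PLCs, PLCs reachable only from the OT network) can be run against an asset inventory and a firewall rule set. The script below is an added example, not code from the brief or from The Hacker News; the asset rows, scan results and firewall rules are constructed sample data, and the PLC port table is an assumption listing well‑known ICS protocol ports rather than anything the brief names.

```python
"""Flag internet-exposed PLCs and segmentation gaps in a third-party OT inventory.

Added example, not from the original brief. The inventory, open-port data and
firewall rules are constructed; the PLC port table is an assumption.
"""
import ipaddress
from dataclasses import dataclass

# Well-known ICS/PLC protocol ports (assumption; the brief names no protocols).
PLC_PORTS = {
    102: "S7comm",
    502: "Modbus/TCP",
    20000: "DNP3",
    44818: "EtherNet/IP",
}

# RFC 1918 plus loopback and link-local. Documentation ranges such as
# 203.0.113.0/24 are deliberately left out of this list so the constructed
# sample below behaves like a real public address.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16",
)]


@dataclass(frozen=True)
class Asset:
    name: str
    vendor: str            # third party that operates or maintains the device
    ip: str
    open_ports: frozenset  # from a port scan of the asset (constructed here)


@dataclass(frozen=True)
class Rule:
    src: str               # source CIDR
    dst: str               # destination CIDR
    dst_port: int
    action: str            # "allow" or "deny"


def is_public(ip: str) -> bool:
    """True when the address is routable from the internet."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in NON_ROUTABLE)


def exposed_plc_ports(asset: Asset) -> dict:
    """PLC protocol ports this asset serves on a public address ({port: protocol})."""
    if not is_public(asset.ip):
        return {}
    return {p: PLC_PORTS[p] for p in sorted(asset.open_ports) if p in PLC_PORTS}


def find_exposed(assets) -> list:
    """(asset name, vendor, {port: protocol}) for every internet-exposed PLC."""
    findings = []
    for asset in assets:
        ports = exposed_plc_ports(asset)
        if ports:
            findings.append((asset.name, asset.vendor, ports))
    return findings


def segmentation_violations(rules, ot_network: str) -> list:
    """Allow rules that let a PLC protocol port be reached from outside the OT network."""
    ot = ipaddress.ip_network(ot_network)
    violations = []
    for rule in rules:
        if rule.action != "allow" or rule.dst_port not in PLC_PORTS:
            continue
        src = ipaddress.ip_network(rule.src, strict=False)
        if not src.subnet_of(ot):
            violations.append(rule)
    return violations


# Constructed sample inventory: one PLC behind the OT firewall, one PLC that a
# vendor placed directly on a public address, and a public HMI with no PLC ports.
SAMPLE_ASSETS = [
    Asset("pump-plc-01", "Vendor A", "10.20.1.10", frozenset({102, 80})),
    Asset("intake-plc-02", "Vendor A", "203.0.113.25", frozenset({502, 80})),
    Asset("hmi-03", "Vendor B", "203.0.113.40", frozenset({443})),
]

# Constructed firewall rule set protecting the OT network 10.20.0.0/16.
SAMPLE_RULES = [
    Rule("0.0.0.0/0", "10.20.1.10/32", 502, "allow"),        # anyone -> Modbus: flagged
    Rule("10.20.0.0/16", "10.20.1.10/32", 102, "allow"),     # OT only -> S7comm: fine
    Rule("192.168.50.0/24", "10.20.1.10/32", 102, "allow"),  # corporate LAN -> S7comm: flagged
    Rule("192.168.50.0/24", "10.20.1.10/32", 443, "allow"),  # not a PLC port: ignored
    Rule("0.0.0.0/0", "10.20.1.10/32", 502, "deny"),         # deny rules never flag
]

if __name__ == "__main__":
    for name, vendor, ports in find_exposed(SAMPLE_ASSETS):
        print(f"EXPOSED  {name} ({vendor}): {ports}")
    for r in segmentation_violations(SAMPLE_RULES, "10.20.0.0/16"):
        print(f"SEGMENT  {r.src} -> {r.dst}:{r.dst_port} ({PLC_PORTS[r.dst_port]})")
```

Run against the sample data, the first check reports only intake‑plc‑02 (a public address serving Modbus/TCP; the public HMI is ignored because it exposes no PLC protocol port), and the second reports the two allow rules whose source range is not inside the OT network. In practice the inventory rows come from the vendor's asset list and the open ports from an authorised scan; a vendor that cannot produce both has not met the "proof of hardened configuration" requirement above.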
Technical Notes – The attack vector appears to be exploitation of mis‑configured, internet‑exposed PLCs; no specific CVE was disclosed, so remediation centres on removing exposure and hardening configuration rather than on applying a patch. No data exfiltration was reported; the impact is limited to service disruption and manipulation of control‑system displays. Source: The Hacker News