July 16, 2025
Iranian state-linked threat actors have been flagged by U.S. government agencies for targeting industrial control systems (ICS) following U.S. airstrikes on Iranian nuclear sites, with specific focus on water facilities, energy, food and beverage manufacturing, and healthcare networks. The joint warning from DHS, CISA, FBI, NSA, and DOD’s DC3 highlights that hackers—often using default credentials—have targeted devices like Unitronics Vision PLCs, Orpak SiteOmat fuel station automation, Red Lion devices, and Tridium Niagara systems. Scans by Censys revealed that the number of internet-exposed, easily discoverable systems increased by 4–9% since January 2025, suggesting that many organizations have not taken adequate measures to secure their OT assets.
The bulletin urges companies overseeing critical infrastructure—particularly those connected to Israeli interests—to implement immediate mitigations: isolate OT systems from the public internet, enforce strong unique passwords, enable multifactor authentication, promptly apply patches, and conduct regular security audits. While no large-scale coordinated attacks have been confirmed in the U.S., officials stress that even low-sophistication intrusions using basic exploitation methods pose serious threats to essential services, and maintaining vigilance is critical.