The Federal Bureau of Investigation has formally attributed a series of disruptive cyber intrusions targeting American critical infrastructure to hackers linked to Iran. In a joint advisory published Tuesday with the National Security Agency, the Department of Energy, and the Cybersecurity and Infrastructure Security Agency, the FBI detailed how these actors successfully compromised systems controlling physical machinery in the oil, gas, and water sectors, causing operational disruption and financial loss.
Targeting Industrial Control Systems
The advisory warns that the hackers are actively attempting to seize control of Programmable Logic Controllers (PLCs), the digital systems that remotely manage physical industrial equipment. This represents a direct threat to operational safety and continuity. "We have seen both state and non-state actors in Iran pose real risk and show willingness to hurt people through compromising these systems," said Rob Lee, CEO of cybersecurity firm Dragos. "I fully expect them to keep up the pressure and target those sites they can get access to."
In one confirmed case, hackers affiliated with Iran breached secure internet access for PLCs manufactured by industrial giant Rockwell Automation. The intruders removed security protocols and then "maliciously interacted with project files and altered data." Initial access to some platforms was gained as early as January of last year, with all compromised access reportedly terminated by March.
Broader Campaign Beyond Energy
The campaign was not limited to energy infrastructure. In mid-March, Iran-affiliated hackers also targeted Stryker, a major U.S. medical device manufacturer. It remains unclear if that breach affected physical medical operations. The incidents underscore a pattern of Iranian cyber activity probing vulnerabilities across multiple sectors of the U.S. economy and public health infrastructure.
Federal officials are urging all critical infrastructure operators to adopt heightened defensive measures, including network monitoring and multifactor authentication. "Government and experts have been warning about internet-connected systems for years, and how vulnerable they are," a source familiar with the federal investigation told CNN. The source noted that many companies have "already removed those systems and followed the guidance."
Geopolitical Context and Corporate Links
The cyber offensive occurs against a complex geopolitical backdrop. While the U.S. and Iran recently agreed to a temporary ceasefire pending longer-term talks, tensions have run high. The ongoing strategic confrontation over Iran's nuclear program continues to fuel regional instability. Historically, the Trump administration conducted strikes on Iranian energy assets during the conflict.
Rockwell Automation's role highlights the interconnected nature of global industrial technology. Until the partnership was dissolved last week, Rockwell worked with Schlumberger (SLB) in a venture called Sensia, which provided automation for the oil and gas industry. Rockwell continues to work with major international firms, including Saudi Arabia's Aramco, the world's largest oil producer. The security of such industrial control systems is paramount, especially as the EPA advances new regulations for water system safety.
The personal dimension of cyber threats was also highlighted, as FBI Director Kash Patel was separately impacted by hackers who leaked his personal emails and travel records from over a decade ago. This serves as a reminder that cyber campaigns often blend strategic disruption with personal intimidation.
The multi-agency advisory represents a significant public warning to industry. It signals that threats to operational technology are immediate and that actors like those in Iran are demonstrating both capability and intent to cause harm. Protecting these systems is no longer just an IT concern but a core national security and public safety imperative, akin to the regulatory shifts seen when the Trump administration reorganized offshore drilling oversight after the Deepwater Horizon disaster.
