How are Iran-linked hackers exploiting internet-exposed PLCs to disrupt U.S. critical infrastructure?
Iran-linked hackers are exploiting internet-exposed programmable logic controllers (PLCs) by directly targeting these operational technology devices that are improperly connected to the public internet. PLCs are industrial computers that control machinery and processes in critical infrastructure sectors like energy, water treatment, and manufacturing. When these devices are left internet-facing without proper security controls, attackers can scan for them using tools like Shodan, identify vulnerable models, and gain unauthorized access through default credentials or unpatched vulnerabilities. Once inside, the hackers manipulate PLC logic, alter display data to hide their activities, and disrupt normal operations—such as shutting down equipment or changing operational parameters. This approach bypasses traditional IT security layers by attacking the OT layer directly, where disruptions can cause immediate physical and financial impacts. The attacks specifically aim to degrade PLC functionality to create operational chaos, demonstrating how exposed industrial control systems present a direct pathway for nation-state actors to compromise national security and economic stability.
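A defender can check for the exposure described above by auditing perimeter firewall rules for any that let non-internal sources reach industrial protocol ports. The sketch below is an added example, not taken from the article. The CSV rule format, the sample rules, and the port list (the page names no specific protocols) are assumptions.

```python
import ipaddress

# Assumed OT protocol ports (the page names none); extend for your own plant.
OT_PORTS = {102: "S7comm", 502: "Modbus/TCP", 4840: "OPC UA",
            20000: "DNP3", 44818: "EtherNet/IP"}
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample export (documentation addresses): id,action,source,dest,proto,ports
SAMPLE_RULES = """\
10,allow,0.0.0.0/0,192.0.2.10,tcp,502
20,allow,10.20.0.0/16,192.0.2.10,tcp,502
30,allow,203.0.113.0/24,192.0.2.11,tcp,1-1024
40,deny,0.0.0.0/0,192.0.2.12,tcp,44818
50,allow,0.0.0.0/0,192.0.2.13,tcp,443
60,allow,198.51.100.7/32,192.0.2.14,tcp,any
"""

def port_range(spec):
    """Turn '502', '1-1024' or 'any' into an inclusive (low, high) pair."""
    if spec == "any":
        return 1, 65535
    lo, _, hi = spec.partition("-")
    return int(lo), int(hi or lo)

def is_internal(cidr):
    """True only when the whole source network sits inside RFC 1918 space."""
    net = ipaddress.ip_network(cidr, strict=False)
    return any(net.subnet_of(r) for r in RFC1918)

def find_exposed_ot_rules(text):
    """Return (rule_id, dest, [protocols]) for allow rules that expose OT ports."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        rule_id, action, src, dest, _proto, ports = line.split(",")
        if action != "allow" or is_internal(src):
            continue  # deny rules and internal-only sources are not exposure
        lo, hi = port_range(ports)
        hit = [name for port, name in sorted(OT_PORTS.items()) if lo <= port <= hi]
        if hit:
            findings.append((int(rule_id), dest, hit))
    return findings

if __name__ == "__main__":
    for rule_id, dest, protos in find_exposed_ot_rules(SAMPLE_RULES):
        print(f"rule {rule_id}: {dest} reachable from untrusted source via {', '.join(protos)}")
```

Rule 30 shows the case that is easy to miss: a broad port range that never names an industrial port still covers two of them.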
📖 Read the full article: Iran-Linked Hackers Disrupt U.S. Critical Infrastructure by Targeting Internet-Exposed PLCs