The East Bay Municipal Utility District wastewater treatment plant on 20 March 2024 in Oakland, California. Photograph: Justin Sullivan/Getty ImagesView image in fullscreenThe East Bay Municipal Utility District wastewater treatment plant on 20 March 2024 in Oakland, California. Photograph: Justin Sullivan/Getty ImagesUS warns of Iran-affiliated cyberattacks on critical infrastructure across countrySecurity agencies say municipalities should watch out for unusual activity, especially in water and energy sectors
Top government security agencies issued a warning of Iran-affiliated cyberattacks on critical infrastructure across the US on Tuesday. In a joint statement, the agencies say that municipalities, especially in the water and energy sectors, should be on the lookout for unusual activity.
“Cyberattacks on drinking water and wastewater systems directly threaten public health and community resilience,” Jeffrey Hall, an assistant administrator for enforcement and compliance assurance for the Environmental Protection Agency (EPA), said in a statement. “A single breach can disrupt treatment or introduce contaminants, damage equipment, and erode public trust.”
The notice didn’t detail whether specific facilities had been targeted or any damage had been sustained. The agencies that issued the joint advisory include the EPA, the FBI, the Cybersecurity and Infrastructure Security Agency, the National Security Agency, the Department of Energy and the US Cyber Command.
The warning comes as Donald Trump has stepped up violent rhetoric against Iran, posting on social media in the early morning hours on Tuesday that “a whole civilization will die tonight, never to be brought back again” if the Middle Eastern country didn’t give into his demands. He gave Iran a deadline of Tuesday evening to reopen the strait of Hormuz, which culminated with the president agreeing to a two-week ceasefire subject to the “COMPLETE, IMMEDIATE, and SAFE OPENING” of the strait.
Iran has been accused for years of carrying out cyberattacks on various countries, including a massive power outage in Turkey in 2015 and several possible breaches of Israeli government websites in 2022. The US alleged an Iran-affiliated group known as “CyberAv3ngers” carried out a campaign against it in 2023 that compromised at least 75 devices in multiple infrastructure sectors.
Read moreIran has also accused the US and Israel of carrying out several cyberattacks against it, including on its nuclear centrifuges and its weapons systems.
Tuesday’s advisory alleged that the hackers are backed by Iran’s Islamic Revolutionary Guards Corps. It said the attacks were focusing on a widely used device called a “programmable logic controller” that’s specifically made by the company Rockwell Automation. Siemens, which also makes these devices, was not named.
The government agencies urged any municipalities using these devices to make sure they’re not connected to the internet.
