U.S. agencies alert: Iran-linked actors target critical infrastructure PLCs
U.S. agencies warn that Iran-linked attackers are targeting internet-exposed PLCs (programmable logic controllers) in critical infrastructure, causing operational disruption and financial loss. Organizations are advised to assess exposed devices, follow security guidance, disconnect systems from the internet, and take further protective measures to reduce risk.

2026-4-8 07:46:38 Author: securityaffairs.com


U.S. agencies warn Iran-linked threat actors are targeting internet-exposed PLCs used in critical infrastructure networks.

U.S. agencies, including the FBI and CISA, warn that Iran-linked hackers are targeting internet-exposed Rockwell/Allen-Bradley PLCs used in critical infrastructure. The agencies published a joint advisory involving multiple federal organizations.

“Iran-affiliated advanced persistent threat (APT) actors are conducting exploitation activity targeting internet-facing operational technology (OT) devices, including programmable logic controllers (PLCs) manufactured by Rockwell Automation/Allen-Bradley.” reads the joint advisory. “This activity has led to PLC disruptions across several U.S. critical infrastructure sectors through malicious interactions with the project file and manipulation of data on human machine interface (HMI) and supervisory control and data acquisition (SCADA) displays, resulting in operational disruption and financial loss.”

Threat actors are carrying out cyberattacks targeting internet-connected operational technology (OT) across multiple critical infrastructure sectors. Iran-linked actors are believed to be behind the activity, aiming to cause disruption in areas such as government services, water systems, and energy.

The attacks involve manipulating project files and altering data shown on HMI and SCADA systems, leading in some cases to operational disruptions and financial losses. Authorities urge organizations to review indicators of compromise and apply mitigations to reduce risks. The campaign has been linked to groups like CyberAv3ngers, associated with Iran’s IRGC.

Organizations are advised to assess exposed devices, follow security guidance from vendors, disconnect systems from the internet where possible, and coordinate with authorities for incident response and mitigation support.

“The FBI assesses a group of Iranian-affiliated APT actors are targeting internet-exposed PLCs with the intent to cause disruptions—including maliciously interacting with project files, and manipulating data displayed on HMI and SCADA displays—to U.S. critical infrastructure organizations.” continues the alert. “Iranian-affiliated APT targeting campaigns against U.S. organizations have recently escalated, likely in response to hostilities between Iran, and the United States and Israel.”

During a campaign starting in November 2023, IRGC-linked hackers known as CyberAv3ngers targeted U.S. PLCs and HMIs, disrupting operations. Also tracked under multiple names, the group compromised at least 75 devices, including Unitronics PLCs used across sectors like water and wastewater systems.

“During a similar campaign beginning in November 2023, the IRGC CEC-affiliated cyber threat actors known as ‘CyberAv3ngers’ targeted U.S.-based PLCs and HMIs, causing disruptive effects. Private industry and open sources also refer to this group as Hydro Kitten, Storm-0784, APT Iran, Bauxite, Mr. Soul, Soldiers of Solomon, UNC5691, and the Shahid Kaveh Group. These attacks compromised at least 75 devices, targeting U.S.-based Unitronics PLC devices with an HMI used across multiple critical infrastructure sectors, including WWS.”

According to the joint advisory, Iran-linked actors gained initial access to internet-facing Rockwell/Allen-Bradley PLCs using overseas IPs and leased infrastructure, leveraging tools like Studio 5000 Logix Designer. They targeted devices such as CompactLogix and Micro850. For command and control, attackers used ports including 44818, 2222, 102, 22, and 502, and deployed SSH tools like Dropbear for remote access. Activity suggests possible targeting of other vendors, including Siemens PLCs. The attacks enabled the extraction of project files and manipulation of data on HMI and SCADA systems, causing disruption.

Government experts recommend disconnecting PLCs from the internet or protecting them with a firewall, monitoring OT ports for suspicious traffic, scanning logs for indicators of compromise, enabling multifactor authentication, updating firmware, disabling unused services or default keys, and continuously monitoring network activity.
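As an added illustration of the port-monitoring advice, not code from the advisory or from Security Affairs: a small Python checker that flags, in constructed connection-log lines, external hosts reaching the OT ports listed above on an assumed PLC subnet (10.20.0.0/16), and PLCs initiating outbound SSH to the internet. The port-to-protocol labels are standard assignments, not taken from the advisory.

```python
import ipaddress
from dataclasses import dataclass

# Ports named in the advisory, labelled with their usual protocol assignments
OT_PORTS = {44818: "EtherNet/IP", 2222: "EtherNet/IP", 102: "S7comm",
            22: "SSH", 502: "Modbus"}

# Assumptions for this example: where PLCs/HMIs live, and what counts as internal
OT_SUBNETS = [ipaddress.ip_network("10.20.0.0/16")]
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

@dataclass
class Alert:
    rule: str
    src: str
    dst: str
    port: int

def is_ot(ip):
    return any(ipaddress.ip_address(ip) in net for net in OT_SUBNETS)

def is_external(ip):
    return not any(ipaddress.ip_address(ip) in net for net in INTERNAL_NETS)

def scan_conn_log(lines):
    """Flag (1) external hosts reaching advisory-listed ports on PLC subnets and
    (2) PLC subnets opening SSH sessions out to the internet (possible remote access)."""
    alerts = []
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue
        _ts, src, _sport, dst, dport, _proto = line.split()[:6]
        dport = int(dport)
        if is_external(src) and is_ot(dst) and dport in OT_PORTS:
            alerts.append(Alert(f"inbound-{OT_PORTS[dport]}", src, dst, dport))
        elif is_ot(src) and is_external(dst) and dport == 22:
            alerts.append(Alert("plc-outbound-ssh", src, dst, dport))
    return alerts

# Constructed log lines (ts src sport dst dport proto); not real traffic
SAMPLE_LOG = """
1700000001 198.51.100.23 51234 10.20.1.15 44818 tcp
1700000002 10.20.1.15 40001 203.0.113.9 22 tcp
1700000003 10.20.5.2 39000 10.20.1.15 44818 tcp
1700000004 198.51.100.23 51235 10.20.1.15 502 tcp
1700000005 10.20.1.15 40002 10.20.9.9 22 tcp
""".strip().splitlines()

if __name__ == "__main__":
    for alert in scan_conn_log(SAMPLE_LOG):
        print(alert)
```

Internal-to-internal traffic on the same ports (lines 3 and 5 of the sample) is deliberately not flagged, which is the usual baseline for an engineering workstation talking to a PLC.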

In mid-March, the EU sanctioned Chinese and Iranian firms and individuals for cyberattacks targeting critical infrastructure and over 65,000 devices across member states.


Pierluigi Paganini





Source: https://securityaffairs.com/190485/apt/u-s-agencies-alert-iran-linked-actors-target-critical-infrastructure-plcs.html