{"id":570341,"date":"2026-04-07T19:34:08","date_gmt":"2026-04-07T19:34:08","guid":{"rendered":"https:\/\/www.newsbeep.com\/us\/570341\/"},"modified":"2026-04-07T19:34:08","modified_gmt":"2026-04-07T19:34:08","slug":"iran-attempting-cyberattacks-against-u-s-critical-infrastructure-officials-say","status":"publish","type":"post","link":"https:\/\/www.newsbeep.com\/us\/570341\/","title":{"rendered":"Iran attempting cyberattacks against U.S. critical infrastructure, officials say"},"content":{"rendered":"\n<p>WASHINGTON\u00a0\u2014\u00a0U.S. intelligence agencies are \u201curgently warning\u201d private sector companies throughout the nation that Iranian actors \u201care conducting exploitation activity\u201d that has resulted in \u201cdisruptions across several U.S. critical infrastructure,\u201d according to a government notice reviewed by The Times.<\/p>\n<p>The Iranian cyber activity comes as President Trump is threatening to target Iran\u2019s critical infrastructure in the coming hours, particularly its bridges and power plants.<\/p>\n<p>Iran\u2019s attack targeted products by Rockwell Automation\u2019s Allen-Bradley, one of the most widely used industrial automation brands, according to the notice, which said that cyber actors affiliated with Iran were exploiting \u201cprogrammable logic controllers across U.S. critical infrastructure.\u201d<\/p>\n<p>Tehran\u2019s targeting campaigns against U.S. organizations \u201chave recently escalated, likely in response to hostilities between Iran and the United States and Israel,\u201d the notice warned.<\/p>\n<p>\u201cIran-affiliated advanced persistent threat (APT) actors are conducting exploitation activity targeting internet-facing operational technology (OT) devices, including programmable logic controllers (PLCs) manufactured by Rockwell Automation\/Allen-Bradley,\u201d the notice reads. <\/p>\n<p>\u201cU.S. 
organizations should urgently review the tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) in this advisory for indications of current or historical activity on their networks,\u201d it continues.<\/p>\n<p>The advisory was issued Tuesday jointly by the FBI, the Cybersecurity and Infrastructure Security Agency, the National Security Agency, the Environmental Protection Agency, the Department of Energy and Cyber Command.<\/p>\n<p>Top executives from companies at the core of the nation\u2019s ability to function \u2014 those leading America\u2019s largest energy, water, transportation, and communications corporations \u2014 had already been taking it upon themselves to increase their vigilance over potential attacks, concerned that Trump\u2019s willingness to target Iran\u2019s critical infrastructure inadvertently put a mark on their backs.<\/p>\n<p>Some fear Iran\u2019s ability to conduct cyber operations that could take down transformers or power inverters, if not a wide-scale power system. Others are concerned about threats to brick-and-mortar  sites from proxies of Tehran \u2014 physical attacks against facilities such as nuclear plants, or power management systems, the crown jewels of the sector.<\/p>\n<p>Larger, even more capable actors, particularly Russia and China, may also take advantage of the fog of war to launch strikes themselves.<\/p>\n<p>\u201cThere remains concern about Iranian cyber capabilities and retaliation if the U.S. carries through on threats to attack their infrastructure,\u201d said Ernest Moniz, former U.S. secretary of energy under President Obama who helped negotiate the 2015 nuclear deal with Iran. 
\u201cThere may already be backdoors, Trojan horses and malware hidden in our infrastructure.\u201d<\/p>\n<p>\u201cI have to believe that the government cyber experts \u2014 or what\u2019s left of them \u2014 are working closely and indeed overtime with the power companies and other infrastructure operators on cyber defense and intrusion detection and warning,\u201d Moniz added.<\/p>\n<p>Iran has demonstrated an ability to penetrate networks tied to critical U.S. infrastructure before.<\/p>\n<p>In 2015, Iran-backed hackers accessed data associated with Calpine Corp., one of California\u2019s largest power producers, obtaining detailed engineering diagrams and credentials related to power plant systems. Some were labeled \u201cmission critical.\u201d U.S. officials feared at the time that the breach would allow Tehran to initiate blackouts nationwide.<\/p>\n<p>Since that time, companies at the center of the U.S. energy and telecommunications sectors have markedly improved their defenses. But Iran\u2019s offensive capabilities have improved, as well.<\/p>\n<p>Large players in the energy sector are operating with \u201ca watchful eye and an elevated posture right now,\u201d said Pedro J. Pizarro, president and chief executive officer of Edison International, the parent company of Southern California Edison, one of the nation\u2019s largest electric utilities.<\/p>\n<p>Companies like Edison have been operating under persistent threat for over a decade. In 2024, a pair of devastating cyber espionage  attacks targeting U.S. 
critical infrastructure attributed to Chinese hackers, Volt Typhoon and Salt Typhoon, were discovered after avoiding detection for at least three years.<\/p>\n<p>The threat of a similarly latent attack \u2014  in which malware lies dormant in critical infrastructure systems, waiting for a signal to activate \u2014 is a real cause for concern in the sector, despite its best efforts and technological advances, experts and insiders said.<\/p>\n<p>\u201cThe threat of cyber and physical attacks targeting critical infrastructure is not new,\u201d said Jennifer DeCesaro, senior vice president of industry operations at the Edison Electric Institute, \u201cwhich is why we partner with the government through the Electricity Subsector Coordinating Council to share actionable intelligence and prepare to respond to incidents that could affect our ability to provide electricity safely and reliably.\u201d<\/p>\n<p>The ESCC works closely with the National Security Council and its intelligence arms, particularly the intelligence agencies and Cybersecurity and Infrastructure Security Agency, or CISA, to coordinate regular briefings on safety standards, best practices and intelligence tips.<\/p>\n<p>The CIA declined to comment. A spokesperson with CISA, listed as out of office due to the ongoing federal funding hiatus for the Department of Homeland Security, could not be reached for comment.<\/p>\n<p>Last summer, announcing a 40% cut to the workforce of her office, Director of National Intelligence Tulsi Gabbard eliminated the Cyber Threat Intelligence Integration Center, previously seen as a critical fusion hub of information by private sector partners.<\/p>\n<p>Asked to respond to the potential of retaliatory attacks against U.S. infrastructure, Karoline Leavitt, the White House press secretary, repeated the president\u2019s threats. <\/p>\n<p>\u201cThe Iranian regime has until 8PM Eastern Time to meet the moment and make a deal with the United States,\u201d she said. 
\u201cOnly the president knows where things stand and what he will do.\u201d<\/p>\n<p>Trump has threatened to destroy every bridge and power plant in Iran if it fails to come to an agreement that ends its control over the Strait of Hormuz.<\/p>\n<p>Ultimately, corporate executives shoulder much of the burden as the first line of defense for the country\u2019s critical infrastructure, roughly 85% of which is owned by private sector companies.<\/p>\n<p>Tom Fanning, former chief executive officer of Southern Co. and now executive committee chairman at the Alliance for Critical Infrastructure, said the threat from Iran is \u201ccredible.\u201d<\/p>\n<p>\u201cI have not seen what I would describe as the existential threat, to take down a wide-ranging power system,\u201d Fanning said. \u201cCould those things be turned on? Sure. Is the United States critical infrastructure prepared to act? I think so.\u201d<\/p>\n<p>Last month, early on in the war, the Los Angeles Metro transit system was forced to shut down a portion of its network due to a hack. Authorities say it is still unclear who was behind the breach, but a source told The Times that Iran-backed hackers are being investigated as the potential culprit.<\/p>\n<p>The transportation agency said its security team had \u201cdiscovered unauthorized activity,\u201d and was making sure its roughly 1,400 servers were secure before bringing them back online. The agency has emphasized the hack did not impact passengers\u2019 commute time.<\/p>\n<p>The FBI said it was aware of the hack. Homeland Security is working with local partners \u201cto address cyber threats to critical infrastructure,\u201d an official said.<\/p>\n<p>\u201cThe reality is that the threats are here and now,\u201d Fanning added. 
\u201cThe truth is, the bad guys are already here.\u201d<\/p>\n<p>Times staff writers Kevin Rector, Richard Winton and Rebecca Ellis, in Los Angeles, contributed to this report.<\/p>\n","protected":false},"excerpt":{"rendered":"WASHINGTON\u00a0\u2014\u00a0U.S. intelligence agencies are \u201curgently warning\u201d private sector companies throughout the nation that Iranian actors \u201care conducting exploitation&hellip;\n","protected":false},"author":2,"featured_media":570342,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[18],"tags":[121566,23,3426,251504,1872,801,2744,6779,3,166642,152060,7540,153670,40696,2384,251503,251502,21,19,22,20,25,24],"class_list":{"0":"post-570341","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-united-states","8":"tag-ability","9":"tag-america","10":"tag-company","11":"tag-cyber-defense","12":"tag-energy","13":"tag-iran","14":"tag-nation","15":"tag-network","16":"tag-news","17":"tag-power-plant","18":"tag-president-obama","19":"tag-sector","20":"tag-tehran","21":"tag-threat","22":"tag-time","23":"tag-u-s-organization","24":"tag-u-s-critical-infrastructure","25":"tag-united-states","26":"tag-united-states-of-america","27":"tag-unitedstates","28":"tag-unitedstatesofamerica","29":"tag-us","30":"tag-usa"},"_links":{"self":[{"href":"https:\/\/www.newsbeep.com\/us\/wp-json\/wp\/v2\/posts\/570341","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.newsbeep.com\/us\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.newsbeep.com\/us\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/us\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/us\/wp-json\/wp\/v2\/comments?post=570341"}],"version-history":[{"count":0,"href":"https:\/\/www.newsbeep.com\/us\/wp-json\/wp\/v2\/posts\/570341\/revisions"}]
,"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/us\/wp-json\/wp\/v2\/media\/570342"}],"wp:attachment":[{"href":"https:\/\/www.newsbeep.com\/us\/wp-json\/wp\/v2\/media?parent=570341"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.newsbeep.com\/us\/wp-json\/wp\/v2\/categories?post=570341"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.newsbeep.com\/us\/wp-json\/wp\/v2\/tags?post=570341"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}