Iranian-linked hackers exposed nearly 4,000 US industrial devices
AI-generated from multiple sources. Verify before acting on this reporting.
WASHINGTON — Iranian-linked hackers exposed nearly 4,000 industrial devices across the United States to cyberattacks, targeting programmable logic controllers manufactured by Rockwell Automation.
The incident, detected on April 10, 2026, involved the compromise of critical infrastructure components used to automate manufacturing processes, power grids, and water treatment facilities. The exposed devices, known as programmable logic controllers or PLCs, serve as the central nervous system for industrial machinery, controlling operations from assembly lines to energy distribution.
Security researchers identified the intrusion as originating from threat actors with ties to Iran. The attackers gained unauthorized access to the devices, leaving them vulnerable to potential manipulation or disruption. While no immediate damage to physical infrastructure was reported, the exposure created a significant risk to industrial operations nationwide.
Rockwell Automation, based in Milwaukee, Wisconsin, is one of the world's largest suppliers of industrial automation and control solutions. The company's PLCs are widely deployed in sectors including energy, transportation, and manufacturing. The scale of the exposure suggests a coordinated effort to target multiple facilities simultaneously.
Federal authorities have not confirmed whether the attackers successfully altered any device functions or stole proprietary data. The Department of Homeland Security and the Cybersecurity and Infrastructure Security Agency are investigating the incident as part of ongoing efforts to protect critical infrastructure from foreign cyber threats.
Industry experts warn that compromised PLCs could be used to disrupt operations, cause equipment damage, or create safety hazards. Unlike traditional computer networks, industrial control systems often operate with minimal security measures, making them attractive targets for state-sponsored hackers.
The attack occurred during a period of heightened tensions between the United States and Iran over regional security concerns. Previous cyber incidents attributed to Iranian actors have targeted financial institutions, media outlets, and government agencies. This latest exposure marks a shift toward targeting industrial infrastructure.
No motive has been publicly stated by the attackers or confirmed by investigators. Questions remain about whether the exposure was part of a reconnaissance phase for a larger operation or a standalone incident. The potential for future disruptions has prompted increased scrutiny of industrial control systems across the country.
Companies using Rockwell Automation equipment are advised to review their network security protocols and patch vulnerable systems. The incident underscores the growing vulnerability of critical infrastructure to cyber threats and the need for enhanced protective measures.
As investigations continue, officials have not ruled out the possibility of additional devices being compromised. The full scope of the attack and its long-term implications remain unclear.