PRISM
CRITICAL ADVISORY

Turning Off the Taps: Iran's IRGC Hackers Are Already Inside US Water, Energy, and Power Infrastructure

A joint CISA-FBI-NSA emergency advisory confirms Iran-linked APT actors are actively sabotaging Rockwell Automation PLCs across US critical infrastructure - and the damage isn't theoretical

By PRISM Bureau - 18 min read

The machines that run modern water treatment plants, power substations, and municipal utilities were never designed to be connected to the internet - and that design assumption is now being weaponized. (Unsplash)

The Iran war didn't start and stop at the Strait of Hormuz. While US B-2 bombers and Israeli F-35s carried out strikes against underground Iranian nuclear facilities, while Navy destroyers jousted with Houthi drones in the Red Sea, and while diplomatic back-channels hummed with ceasefire talk in Islamabad, a quieter and more insidious theater of operations was opening up inside the continental United States.

On April 7th, a joint advisory signed by six US government agencies - the FBI, CISA, NSA, EPA, Department of Energy, and US Cyber Command - confirmed what industrial cybersecurity firms had been observing for weeks: Iranian-affiliated advanced persistent threat actors are actively exploiting internet-facing programmable logic controllers across US critical infrastructure, targeting water and wastewater systems, energy utilities, and government facilities.

The damage is real. Operational disruption. Financial loss. Physical machinery behaving in ways it shouldn't. Not a drill, not a near-miss - actual impact to systems that millions of Americans depend on for clean water and reliable power. Source: CISA Advisory AA26-097A, April 7, 2026

This is the second front in the Iran war. It's been open for weeks. Most of the country doesn't know it's happening.

6 - US agencies signed the joint emergency advisory (FBI, CISA, NSA, EPA, DOE, CNMF)
3+ - Critical infrastructure sectors confirmed compromised: energy, water/wastewater, government facilities
$10M - State Dept. bounty on CyberAv3ngers, still uncollected. The group has operated with impunity since 2023.
2021 - Year the Rockwell PLC authentication bypass vulnerability (CVE-2021-22681) was publicly disclosed; it is still being exploited today

What Is a PLC - and Why Should You Care?


Programmable logic controllers are the digital nervous system of modern infrastructure - embedded computers that translate software commands into physical action. (Unsplash)

To understand what Iran has been doing inside US infrastructure, you first need to understand the thing they're attacking: the programmable logic controller, or PLC.

PLCs are small industrial computers. They've been around since the 1960s, originally invented by GM to replace relay-logic electrical panels in auto manufacturing. Today, they're everywhere. When you turn on a tap and clean water comes out, a PLC is controlling the pump pressure. When the power stays on during a summer heat wave, PLCs are managing load distribution across the grid. When a municipal sewage system processes waste without overflowing into streets, PLCs are orchestrating the valve sequences that make it work.

The critical thing to understand about PLCs is that they translate digital commands into physical reality. A PLC doesn't just display information - it moves actuators, opens valves, adjusts chemical dosing pumps, controls motor speeds. This is what makes attacks on PLCs categorically different from attacks on office computers or even hospital systems. Ransomware encrypts your files. A compromised PLC can poison your drinking water.

We've already seen this play out. In February 2021, a hacker accessed the water treatment system in Oldsmar, Florida, and remotely adjusted the sodium hydroxide levels - lye, a caustic compound - to a concentration that could have caused chemical burns if it reached consumers. The manipulation was caught by an operator who noticed the cursor moving on his screen. The PLC was doing exactly what it was told to do by someone who had no right to tell it anything.

Iran's hackers aren't interested in a single small town in Florida. They're operating at scale, across sectors, with deliberate disruption as the goal.

CyberAv3ngers: Three Years of Getting Away With It


CyberAv3ngers - the Shahid Kaveh Group - has operated under Iranian Revolutionary Guard Corps (IRGC) command since at least 2023, repeatedly targeting western infrastructure with remarkable impunity. (Unsplash)

The group carrying out these attacks isn't new. The joint advisory explicitly ties the current PLC exploitation campaign to CyberAv3ngers - also known as the Shahid Kaveh Group - a cyber unit affiliated with Iran's Islamic Revolutionary Guard Corps Cyber Electronic Command (IRGC-CEC).

The IRGC is Iran's most powerful military-ideological force, a parallel state-within-a-state that controls significant portions of the Iranian economy, runs proxy forces across the Middle East, and - crucially for this story - maintains dedicated cyber offensive units that operate with objectives and methods quite different from traditional military hackers.

CyberAv3ngers first surfaced publicly in late 2023, following Hamas's October 7 attacks on Israel. As Israel launched its military response into Gaza, the group began targeting industrial control systems at water utilities in Israel and the United States. Their signature move at the time: hacking into Unitronics PLCs at water and wastewater facilities, setting the device names to read "Gaza," and displaying the CyberAv3ngers logo on operator screens. At a Pittsburgh-area water authority, this forced emergency manual override of treatment systems. Similar disruptions hit facilities in Israel, Ireland, and across the American northeast.

This was initially dismissed as vandalism - propaganda graffiti from hackers who wanted visibility rather than capability. That interpretation turned out to be dangerously wrong.

Industrial cybersecurity firms Dragos and Claroty, who were tracking the attacks in real time, found something more disturbing beneath the surface. CyberAv3ngers hadn't merely tagged devices - they had corrupted firmware and embedded themselves deep enough to disrupt service flows. The vandalism was a calling card. The real goal was demonstrating persistent access.

"The Unitronics attacks demonstrated the IRGC does have industrial control systems hacking capabilities. If you look at the IRGC playbook, they know they can't compete on the traditional military field. So they attempt to cause disruption within the cyber domain using asymmetric warfare techniques." - Grant Geyer, Chief Strategy Officer, Claroty

In 2024, the group escalated. Dragos documented CyberAv3ngers breaching a US oil and gas company - a more consequential target than a municipal water authority. Around the same time, the group developed and deployed a piece of malware called IOControl, designed to infect industrial control systems and IoT devices and lie dormant. Not disruptive ransomware - persistent access. Infrastructure they could activate later.

"They wanted to be able to infect all kinds of assets that they identify as critical and just leave their malware there as an option for the future," Claroty researcher Noam Moshe told Wired. The terminology intelligence analysts use for this kind of positioning is "pre-positioning" - an adversary burrowing into critical systems not to attack today, but to have the capability ready when the political moment demands it. Source: Wired, April 7, 2026

The political moment arrived in March 2026, when US and Israeli forces began striking Iranian nuclear sites under Operation Epic Fury. CyberAv3ngers, apparently, had been waiting.

The Technical Anatomy of the Current Attack Campaign


Rockwell Automation's Allen-Bradley PLCs are among the most widely deployed industrial controllers in North America. The authentication bypass vulnerability at the heart of this campaign has been publicly known since 2021. (Unsplash)

The CISA advisory provides unusually specific technical detail about how the attacks are being carried out. That specificity is itself a message - an acknowledgment that the threat is urgent enough to risk revealing intelligence tradecraft in order to push defenders into action.

The primary target is Rockwell Automation's Allen-Bradley line of PLCs - the dominant brand in North American industrial automation, used in water treatment facilities, electrical substations, oil refineries, and manufacturing plants from Maine to California. The advisory notes that "other branded PLCs" may also be affected, suggesting the campaign is broader than what's publicly confirmed.

The specific vulnerability at the center of the campaign is CVE-2021-22681 - an authentication bypass flaw in Rockwell's Logix line of controllers that was publicly disclosed five years ago. Rockwell issued guidance on the vulnerability at the time. The fact that it's still being exploited at scale in 2026 tells you something important about the industrial control system security landscape: remediation in OT environments is slow, difficult, and often deferred indefinitely because patching a PLC typically means taking it offline, which means shutting down whatever physical process it controls.

The attack chain works like this. Iranian-affiliated actors scan the internet for exposed PLCs - devices directly reachable on internet-facing IP addresses, which they should never be but often are, because they were deployed before anyone expected them to be connected to the internet. They query these devices on known industrial protocol ports: 44818 (EtherNet/IP), 2222 (EtherNet/IP encapsulation), 102 (ISO-TSAP, used by Siemens and others), and 502 (Modbus TCP). The advisory specifically flags traffic from overseas hosting providers on these ports as a red-flag indicator.

Once they find an exposed and vulnerable device, the authentication bypass vulnerability lets them access the PLC's project files - the software logic that determines how the device behaves. They manipulate the project files and alter what's displayed on the HMI (human-machine interface) and SCADA (supervisory control and data acquisition) displays that operators use to monitor and control industrial processes. In the worst-case scenarios, those display manipulations become operational manipulations - the PLC starts doing what the attacker tells it instead of what the operator intends.

CISA EMERGENCY MITIGATIONS - KEY ACTIONS FOR OT OPERATORS

Source: CISA Advisory AA26-097A, April 7, 2026 | IOC files available: AA26-097A STIX XML/JSON via CISA.gov

The advisory is notably vague about the actual scale of disruption - "a few cases" of operational disruption and financial loss, with no specifics about which facilities, which regions, or what precisely failed. That vagueness is deliberate. The government doesn't want to hand Iran a damage assessment. But industrial cybersecurity firms that have been responding to incidents paint a less reassuring picture.

"We have seen both state and non-state actors in Iran pose real risk and show willingness to hurt people through compromising these systems," Rob Lee, CEO of Dragos, told Wired. "I fully expect them to keep up the pressure and target those sites they can get access to." Dragos says it has responded to multiple ICS incidents since Operation Epic Fury began last month. Source: Wired, April 7, 2026

The Handala Dimension: Two Groups, Two Strategies


Iran's cyber operations against the US are bifurcated between the IRGC's disciplined, infrastructure-focused CyberAv3ngers and the more chaotic, politically-driven Handala group - both now active simultaneously. (Unsplash)

The PLC campaign isn't Iran's only active cyber front against the US. Running in parallel, and often in the news more loudly, is a second group: Handala.

Where CyberAv3ngers is disciplined, persistent, and focused on industrial infrastructure, Handala is louder, more chaotic, and politically theatrical. Handala - whose logo is based on Naji al-Ali's iconic Palestinian cartoons - is widely assessed to operate on behalf of Iran's Ministry of Intelligence, distinct from the IRGC's Cyber Electronic Command. The two groups represent different philosophies of cyber warfare, both active simultaneously in what appears to be a coordinated multi-vector campaign.

Handala's recent operations have included a breach of medical technology firm Stryker, a company that manufactures surgical equipment, hospital beds, and medical devices deployed in hundreds of facilities across the US. The full scope of what was accessed has not been disclosed. Separately, the group executed a hack-and-leak operation targeting the personal Gmail account of FBI Director Kash Patel - a politically charged action designed more to embarrass the administration than to extract operational intelligence. Source: Wired, April 7, 2026

Last Tuesday, when Trump posted his now-infamous "an entire civilization will die tonight" threat to Truth Social - apparently directed at Iranian civilian infrastructure - Handala responded within hours on Telegram: "Tonight, cyber and missile soldiers will fight side by side for one nation. We have a spectacular night ahead."

That's not braggadocio. That's operational signaling. The timing and language are deliberate coordination with the military tempo of the broader conflict.

The strategic picture that emerges from combining CyberAv3ngers and Handala operations is one of deliberate ambiguity. The IRGC-linked group targets infrastructure with precision tools and stays quiet about it - no press releases, no claims. Handala targets high-visibility targets and publicizes everything. Together, they create maximum uncertainty for US defenders: infrastructure teams don't know what's compromised and what isn't, while policymakers face constant public pressure from the leaks and embarrassments Handala generates.

The OT Security Gap: Why This Was Predictable and Preventable


America's water treatment infrastructure was built over decades with physical security assumptions that never anticipated remote digital attacks via internet-connected control systems. (Unsplash)

The uncomfortable reality at the heart of this story is that none of this is surprising to people who work in operational technology (OT) security. The vulnerability of US critical infrastructure to exactly this kind of attack has been documented, warned about, briefed to Congress, included in annual threat assessments, and generally ignored for years.

The problem has several interlocking layers:

Legacy Systems With No Security Architecture

Most of the PLCs and SCADA systems running US critical infrastructure were designed in the 1990s and 2000s, when "air gap" - physical isolation from external networks - was the assumed security model. These devices were never designed with authentication, encryption, or remote access security in mind, because the assumption was that the only people who could touch them were people physically present in the facility.

That assumption collapsed when industrial operators started connecting these systems to enterprise IT networks for monitoring, management, and efficiency reasons. The IT-OT convergence made business sense. It also created attack surfaces that the devices' designers never anticipated and that the devices' architecture cannot easily defend.

CVE-2021-22681 - the authentication bypass at the center of the current campaign - is a textbook example of what happens when you expose a device designed without authentication to the internet. The vulnerability was disclosed five years ago. It remains exploitable today across thousands of deployed devices because patching it requires downtime that facility operators are unwilling or unable to accept.

The Remediation Paralysis Problem

In IT security, patching is routine. You deploy a patch, maybe restart a service, continue. In OT security, patching can mean shutting down a water treatment plant that serves 500,000 people for 48 hours while maintenance teams work through the upgrade process. It might mean taking a power substation offline during a period when grid operators can't afford reduced capacity. It might require flying in specialized technicians who understand both the industrial process and the software system.

The practical result is that OT systems often run unpatched for years - not from negligence, but from a rational calculus that the operational risk of downtime outweighs the security risk of a vulnerability that hasn't yet been actively exploited. Once CyberAv3ngers started actively exploiting CVE-2021-22681, that calculus should have shifted - but the underlying constraint hasn't changed. These systems are hard to patch.

Attack Vector | Affected Sector | Key Vulnerability | Status
Internet-exposed Allen-Bradley PLCs | Water/Wastewater | CVE-2021-22681 (auth bypass) | ACTIVE - confirmed compromise
SCADA/HMI display manipulation | Energy / Utilities | Project file modification via EtherNet/IP | ACTIVE - operational disruption confirmed
IOControl malware (dormant ICS implant) | Oil & Gas, IoT | Multi-platform, self-propagating | HISTORICAL + potentially active
Government facilities SCADA | Municipal government | Internet-accessible OT, weak segmentation | CONFIRMED targeted

The Internet Exposure Problem

The CISA advisory's first and most urgent recommendation is to "remove PLCs from direct internet exposure via secure gateway and firewall." That sentence - which security professionals have been repeating for a decade - tells you everything about where the industry is.

Industrial PLCs should not be directly accessible from the internet. They never should have been. But the Shodan search engine - which indexes internet-connected devices - shows thousands of PLCs accessible with a simple query. Facility operators who lacked in-house OT security expertise, often operating on tight municipal budgets, connected industrial controllers to internet-accessible networks for remote monitoring without understanding the risk. Network segmentation that would isolate OT systems behind industrial firewalls and demilitarized zones was never implemented because nobody allocated budget for it.

The result is what Rob Lee of Dragos calls "the inheritance problem" - the US inherited an industrial infrastructure built on security assumptions that became obsolete when the internet arrived, and the process of correcting those assumptions is measured in decades, not quarters.

The Escalation Dynamics: What Comes Next


The asymmetric nature of critical infrastructure attacks makes them particularly difficult to deter - the cost of attack is far lower than the cost of defense, and the potential for panic exceeds actual technical damage. (Unsplash)

The current PLC campaign represents a specific point on the escalation spectrum - it's disruptive, it's costly, but it hasn't yet crossed into the territory of mass-casualty attacks on infrastructure. Intelligence assessments suggest Iran is calibrating carefully: hitting hard enough to demonstrate capability and impose costs, not so hard as to trigger a response that expands the conflict into domains Iran can't control.

But that calibration is inherently unstable. Here's why.

The Precedent Problem

By allowing CyberAv3ngers to operate against US infrastructure since 2023 without significant consequences - the $10 million bounty notwithstanding, the group has never been seriously degraded - the US established a precedent that there's an acceptable floor of cyber disruption below which it will not retaliate in kind. Iran has been testing where that floor is, incrementally, for three years. The current escalation suggests they believe they're still below it.

If they're right, the next escalation will be higher. If the US refrains from responding to disrupted water systems and financial losses at energy utilities, Iran learns that the cost ceiling for US retaliation is higher than that level. The game theory here is troubling: every non-response to a cyber escalation implicitly authorizes larger ones.

The Physical Damage Threshold

The current campaign has caused "operational disruption and financial loss." It has not caused mass civilian casualties or catastrophic infrastructure failure. That distinction - which is real and important - has also historically been the line that restrains US cyber responses. The Stuxnet precedent established that cyber operations against industrial systems are acceptable; the unspoken corollary is that the US is reluctant to escalate unless those operations cross into the physical harm territory.

CyberAv3ngers has demonstrated they can reach PLC-level access. They've demonstrated they can manipulate HMI displays and corrupt project files. The next logical step - if they choose to take it - is to cause physical process failures: chemical overdoses in water treatment, equipment damage in power facilities, pipeline pressure anomalies in natural gas distribution. The capability appears to exist. The question is political authorization.

The Coordination Factor

Perhaps the most significant escalation risk isn't technical at all. It's the potential for coordinated timing between Iran's physical military operations and its cyber operations. During the initial US-Israeli air strikes in March, US Cyber Command publicly took credit for disabling Iranian air defenses through cyberattacks. Iran is now attempting to demonstrate symmetric capability - if you can hack our defenses, we can hack your infrastructure.

A scenario where Iran launches simultaneous kinetic operations against regional targets and cyber operations against US energy infrastructure - timed to maximize disruption and political impact - would create crisis management conditions that stress both military and civilian response systems simultaneously. The ceasefire may have reduced the immediate risk of this scenario, but the capability is in place and the political will to use it has been demonstrated.

What Anthropic Has to Do With All This


The legal battle between Anthropic and the Pentagon over AI's role in military operations is unfolding in the same week as Iranian cyberattacks on US infrastructure - two fronts in the same underlying war over who controls AI in national security contexts. (Unsplash)

This story has a dimension that goes beyond the immediate cybersecurity emergency, and it connects to a simultaneous legal battle unfolding in Washington, DC.

On Wednesday April 8th, a US appeals court panel upheld the Pentagon's "supply-chain risk" designation of Anthropic - the company that makes the Claude AI models now deeply embedded in US military planning systems. The ruling is in direct conflict with a San Francisco federal court order from last month that found the Pentagon had acted in "bad faith" against Anthropic and ordered the designation removed.

The consequence of this legal chaos: the US military is simultaneously using Claude-powered AI systems to plan operations in Iran through Palantir-built interfaces, fighting in court over whether it even has the right to access those systems, and deploying its own internally-built AI chatbot - called Victor - trained on classified lessons-learned data from "missions like the Ukraine-Russia War and Operation Epic Fury."

The Army's Victor system is specifically designed to let soldiers query an AI about things like how to configure electromagnetic warfare equipment for a specific mission context. Alex Miller, the Army's chief technology officer, told Wired the system will eventually be multimodal - able to ingest imagery and video for operational insights. More than 500 repositories of mission data have been fed into it. Source: Wired, April 8, 2026

Georgetown's Lauren Kahn, a former Pentagon policy adviser, notes that Victor highlights AI's near-term military value in automating non-glamorous but critical information management tasks. She also flags a risk that Paul Scharre of CNAS puts bluntly: "The tendency for AI models to be sycophantic could be particularly problematic in a context of intelligence analysis." An AI that tells analysts what they want to hear, rather than what the data actually shows, becomes a mechanism for amplifying cognitive biases at exactly the moments when clear-eyed analysis matters most.

The deeper connection to the Iran cyber threat is this: as the US rushes to integrate AI into military operations, Iran is simultaneously using digital asymmetric warfare to impose costs on American infrastructure. The AI integration creates new attack surfaces - AI models are vulnerable to adversarial manipulation, training data poisoning, and the kind of infrastructure attacks that could disrupt the cloud systems AI-dependent military operations rely on. You can't run a Victor query if the data center is busy absorbing a DDoS attack.

Meta Muse Spark and the Broader AI Race Context

On the same day the US government was quietly distributing emergency advisories to critical infrastructure operators about Iranian PLC attacks, Meta announced its most significant AI model in years. Muse Spark - the first major model from CEO Mark Zuckerberg's rebuilt "Meta Intelligence Labs" division - is closed-source, natively multimodal, built from scratch for coding, and trained on medical reasoning data vetted by more than 1,000 physicians.

Benchmark scores suggest it's genuinely competitive with frontier models from OpenAI, Anthropic, and Google. Artificial Analysis, an independent AI evaluation firm, scored it at 52 on its Intelligence Index - "within the top 5 models we have benchmarked." For context, Meta's previous major model release, Llama 4, was considered a significant disappointment. If Muse Spark's benchmarks hold up under independent evaluation, Meta has gone from also-ran to contender in under twelve months - largely by poaching engineers with nine-figure compensation packages and investing billions through its Scale AI deal with Alexandr Wang. Source: Wired, April 8, 2026

Separately, Anthropic announced Claude Managed Agents - a product designed to lower the barrier for enterprises to deploy autonomous AI agent fleets. With annualized recurring revenue now above $30 billion - triple what it was in December 2025 - Anthropic is racing to go public and is positioning Claude as the enterprise backbone for agentic automation. The product gives developers out-of-the-box agent harnesses, sandboxed execution environments, and fleet monitoring dashboards. Notion already demoed using it to automate client onboarding workflows. Source: Wired, April 8, 2026

These two announcements, against the backdrop of Iranian infrastructure attacks and US military AI integration battles, tell a coherent story about where AI is in April 2026: it is being deployed at scale into consequential real-world systems - military planning, enterprise automation, healthcare reasoning - faster than the security, legal, and accountability frameworks can keep pace. The same capability acceleration that makes Claude Managed Agents compelling for Notion's onboarding flow makes an AI-augmented military chatbot like Victor operational in under a year. The same open model weights that make Meta's AI research ecosystem vibrant make it harder to control where those capabilities end up and what they're used for.

What Defenders Need to Do - Right Now

The CISA advisory is explicit and urgent. For any organization operating internet-connected industrial control systems - water utilities, power companies, municipal governments, oil and gas operators - there are immediate actions required:

Audit for internet exposure. Use Shodan or similar tools to check whether your PLCs are directly internet-accessible. If they are, firewall or physically disconnect them now. The advisory specifies ports 44818, 2222, 102, and 502 as the attack surface - any device reachable on those ports from the public internet is a target.

Check for IOCs. Download the STIX XML and JSON indicator files from CISA.gov (Advisory AA26-097A) and run them against available network logs. CyberAv3ngers leaves a pattern. If it's in your logs, you have a problem - and also a window for response before it becomes a bigger one.

Physical mode switches matter. For Rockwell Automation devices, the physical key switch on the controller chassis has a "RUN" position that prevents project file modification without physical access. This is a low-tech, highly effective mitigation for the specific attack vector being exploited. It requires someone to physically visit the device and turn a key, but in the current environment, that manual intervention is worth the operational friction.

Network segmentation - finally, for real. The "air gap or firewall" recommendation has been standard guidance for years. It's been ignored for years. The current threat environment represents the actualization of the risk that was always theoretical. Proper industrial DMZ architecture, with firewalls between OT networks and enterprise IT networks and no direct internet paths to PLCs, would have prevented most of the incidents the advisory describes. It's not too late to implement it.

Assume you've been pre-positioned. The IOControl malware campaign from 2024 was specifically designed to establish dormant access in industrial systems. If your organization operates critical infrastructure and has not conducted a thorough OT security assessment since early 2024, you should assume the possibility of persistent access that hasn't yet been activated. The threat isn't just the current active campaign - it's the capability that was planted months ago, waiting.
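The first two actions above - auditing for exposure on the four ports the advisory names, and matching logs against the IOC list - can be combined into one triage pass over firewall logs. The script below is an added illustration written for this article, not code from CISA, Rockwell, or any of the firms quoted. It assumes a simple syslog-style firewall line format (constructed here; real products differ), an operator-defined set of internal address ranges, and a placeholder IOC list that stands in for the STIX-derived indicators; none of the addresses in it are real indicators from AA26-097A. A connection from outside the internal ranges that the firewall accepted on an ICS port is evidence the device is internet-reachable; a dropped connection from an IOC address is evidence the site is being probed.

```python
"""Triage firewall logs for internet-exposed PLC ports and IOC hits (added example)."""
import ipaddress
import re

# Ports the advisory names as the attack surface.
ICS_PORTS = {
    44818: "EtherNet/IP",
    2222: "EtherNet/IP encapsulation",
    102: "ISO-TSAP",
    502: "Modbus TCP",
}

# Operator-defined internal ranges (assumption: RFC1918 space covers the OT and IT networks).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Placeholder IOC addresses (documentation-range values, NOT real indicators from the advisory).
IOC_ADDRESSES = {"203.0.113.77", "198.51.100.12"}

# Constructed log format: "<timestamp> fw <ACCEPT|DROP> src=<ip> dst=<ip> dport=<port>".
LOG_RE = re.compile(
    r"(?P<ts>\S+)\s+fw\s+(?P<action>ACCEPT|DROP)\s+"
    r"src=(?P<src>[\d.]+)\s+dst=(?P<dst>[\d.]+)\s+dport=(?P<dport>\d+)"
)

# Constructed sample log lines; the fifth is a non-ICS port and the sixth is malformed on purpose.
SAMPLE_LOG = [
    "2026-04-07T02:14:03Z fw ACCEPT src=203.0.113.77 dst=10.20.30.5 dport=44818",
    "2026-04-07T02:14:09Z fw ACCEPT src=10.20.30.40 dst=10.20.30.5 dport=44818",
    "2026-04-07T02:15:11Z fw DROP src=198.51.100.12 dst=10.20.30.6 dport=502",
    "2026-04-07T02:16:45Z fw ACCEPT src=192.0.2.55 dst=10.20.30.7 dport=102",
    "2026-04-07T02:17:00Z fw ACCEPT src=192.0.2.55 dst=10.20.30.8 dport=443",
    "this line is not a firewall record",
]


def is_external(ip: str) -> bool:
    """True when the address falls outside every operator-defined internal range."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def parse_line(line: str):
    """Return a dict for a well-formed record, or None so malformed lines are skipped, not fatal."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["dport"] = int(rec["dport"])
    return rec


def triage(lines):
    """Flag ICS-port connections from external sources and any source on the IOC list."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        protocol = ICS_PORTS.get(rec["dport"])
        if protocol is None:
            continue  # Not one of the four ports the advisory names.
        reasons = []
        if is_external(rec["src"]):
            reasons.append("external source to ICS port")
        if rec["src"] in IOC_ADDRESSES:
            reasons.append("source matches IOC list")
        if reasons:
            findings.append({**rec, "protocol": protocol, "reasons": reasons})
    return findings


def exposed_hosts(findings):
    """Devices that demonstrably answered an external connection on an ICS port."""
    return {
        f["dst"] for f in findings
        if f["action"] == "ACCEPT" and "external source to ICS port" in f["reasons"]
    }


def ioc_hits(findings):
    """Records whose source address is on the IOC list, accepted or dropped."""
    return [f for f in findings if "source matches IOC list" in f["reasons"]]


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"{f['ts']} {f['action']} {f['src']} -> {f['dst']}:{f['dport']} ({f['protocol']}): {', '.join(f['reasons'])}")
    print("Internet-reachable ICS hosts:", sorted(exposed_hosts(results)))
    print("IOC hits:", len(ioc_hits(results)))
```

Hosts returned by exposed_hosts are the ones to firewall or disconnect first; an IOC hit with action DROP means the perimeter held but the site is on the target list, which still warrants a look at the device's project files and mode switch.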

The Second Front That Will Outlast the War

Ceasefires end wars. They don't end cyber campaigns. The infrastructure CyberAv3ngers has accessed, the dormant IOControl implants across industrial systems, the operational capability demonstrated against Rockwell PLCs - none of that disappears when diplomats sign a document in Islamabad.

The lesson of every major state-sponsored cyber campaign in the past twenty years - from Russia's NotPetya, to China's Volt Typhoon pre-positioning in US infrastructure, to Stuxnet itself - is that the capability investments made during periods of active conflict have long tails. After the Ukraine conflict entered its third year, evidence of Russian pre-positioning in European energy infrastructure kept appearing in security audits. After Stuxnet was attributed to the US and Israel, Iran invested heavily in developing symmetric and asymmetric cyber capabilities that are now being deployed against American systems.

The current Iran cyber campaign is both an immediate operational response to Operation Epic Fury and a long-term capability demonstration. The IRGC is showing the world - and particularly showing potential future adversaries - that attacking Iran's physical infrastructure invites digital retaliation against civilian systems in the country that strikes first. That's a deterrence signal, not just a tactical maneuver.

The uncomfortable implication for US policy is that critical infrastructure security can no longer be treated as a domestic peacetime priority with a low-urgency funding profile. When the US strikes a nation with a serious cyber offensive program, the retaliation arrives in water treatment facilities and power substations. The people who drink the water and flip the light switches are, effectively, in the blast radius of foreign policy decisions made by people they'll never meet.

That's the second front. It's been open for weeks. It will be open long after the ceasefire holds.

Key Takeaways