At least one critical infrastructure provider
March 1, 2026
•[ advanced persistent threat, critical infrastructure, programmable logic controllers ]
Iran-affiliated advanced persistent threat actors accessed internet-exposed Rockwell Automation/Allen-Bradley programmable logic controllers at one or more U.S. critical infrastructure providers, manipulated project files and HMI/SCADA displays, resulting in operational disruption and financial loss.
