:

4,000 US INDUSTRIAL DEVICES EXPOSED TO IRANIAN CYBERATTACKS

INDUSTRY DESK1 MIN READ
SUN, APR 12, 2026

■ AI-SUMMARIZED FROM 1 SOURCE ▸ TIMELINE

Iranian-linked hackers have targeted nearly 4,000 internet-exposed industrial devices in the US, focusing on programmable logic controllers (PLCs) manufactured by Rockwell Automation.

The attack surface encompasses critical infrastructure networks across the country. Programmable logic controllers are essential components in industrial automation systems, controlling machinery and processes in manufacturing, utilities, and other sectors. Rockwell Automation is a major supplier of PLCs and industrial control systems used extensively in US infrastructure. The exposure of these devices suggests inadequate network segmentation or security configurations that leave critical equipment directly accessible from the internet. Iranian state-sponsored cyber groups have previously targeted US infrastructure as part of broader geopolitical tensions. The discovery highlights ongoing vulnerabilities in industrial control systems, where legacy equipment often lacks modern security features. Experts recommend air-gapping critical systems, implementing network segmentation, and deploying intrusion detection systems. Organizations operating PLCs should audit their network exposure and apply available security patches and updates from Rockwell Automation.

■ SOURCES

Bleeping Computer

■ SUMMARY WRITTEN BY AI FROM THE LINKS ABOVE

■ MORE FROM THE SECURITY DESK

Partnered Health, one of Australia's largest healthcare providers, has disclosed a cyber-attack affecting 21 clinics across Sydney, Melbourne, and Canberra. Personal information and medical records were compromised in the breach.

JUST NOWSecurity Desk

Security firm Intruder has developed an AI-powered system that automatically identifies previously unknown software vulnerabilities by combining code analysis with large language models. The tool already discovered and exploited a WordPress plugin zero-day.

JUST NOWAI Desk

U.S. federal prosecutors have unsealed charges against three Russian nationals accused of operating a bulletproof hosting service that supported ransomware gangs responsible for over $62 million in damages worldwide.

5H AGOIndustry Desk

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that attackers are actively exploiting three vulnerabilities in Internet-exposed on-premises SharePoint Server instances. Organizations running affected versions must patch immediately.

5H AGOSecurity Desk

■ SUBSCRIBE TO THE DAILY BRIEF

ONE EMAIL, 5 STORIES, 06:00 UTC. UNSUBSCRIBE ANYTIME.