Iranian-Affiliated Hackers Are Targeting US Infrastructure

Default credentials and open ports are all it takes.

Iranian-affiliated hackers breached a Pennsylvania water utility in 2023. They’re back, and the attack scope is wider. On April 7, 2026, six federal agencies published a joint cybersecurity advisory warning that Iranian-affiliated threat actors are exploiting internet-connected programmable logic controllers (PLCs) at US energy and water providers. The same method works on almost any business network, not just utilities.

Security cameras, printers, point-of-sale systems, and smart thermostats on your network right now potentially share the same fundamental weakness that breached US critical infrastructure: they’re internet-connected, poorly authenticated, and no one’s watching them.

What the Advisory Recommends

Every one of those devices ships with a factory-default login and sits on a network with no segmentation, no hardening, and no one watching. The same automated scanning tools that nation-state actors use on critical infrastructure can find yours, too. The same attack methods that hit enterprises hit small businesses, too, and they work more often because small businesses are likely to be more vulnerable.

These four actions are recommended for all businesses, not just utilities:

  • Remove devices from direct internet exposure. If it doesn’t need a public IP, it shouldn’t have one. Network segmentation keeps internal systems invisible to outside scans.
  • Monitor for suspicious traffic. Most small businesses don’t know what’s happening on their network until something breaks. By then, the attacker has been inside for weeks.
  • Know who’s responsible for every device. The advisory tells Rockwell Automation users to contact the company directly. The real question for your business: who patches, monitors, and secures every connected device on your network? If you don’t have a name, you have a gap.
  • Find out if your network is exposed. SC Network Solutions runs a free risk assessment that maps every device on your network, flags open ports, and identifies security gaps.

Most Small Business Networks Aren’t Ready for This

Iranian-affiliated APT groups get the headline. The real story is simpler.

Most small businesses run a consumer-grade firewall with factory settings. No segmentation. No log review. No firmware updates. No one watching. That setup doesn’t survive an amateur hacker, let alone a nation-state operation. Ask Green River, Wyoming, how fast ransomware shuts down an organization that thought it was too small to matter.

Managed IT closes the gap. A managed firewall is configured for your environment, updated as threats change, and monitored around the clock. Endpoint protection accounts for every device. When a federal advisory drops, a managed IT provider doesn’t forward the article to you. They’ve already reviewed it, checked your exposure, and acted.

That’s the difference between having IT and having managed IT.


Managed IT. Managed Security. One Call.

SC Network Solutions provides managed firewall services, endpoint security, and 24/7 network monitoring for businesses across Southern Utah and Northern Arizona.


Three Things to Do Before End of Week

  1. List every connected device on your network that touches the internet. If you can’t produce that list, that’s a problem.
  2. Change factory credentials. Every default login is a door. Automated scanners check millions of them daily.
  3. Call your IT provider. Ask what they did in response to this advisory. If the answer is nothing, or if you don’t have a provider to call, talk to SC Network Solutions.
