⚠ Active Advisory — April 2026

Iranian Hackers Are Inside U.S. Water Systems

Seven federal agencies issued an emergency advisory. Nation-state actors are actively compromising water treatment plants and energy grids right now.

The Threat Is Real. The Threat Is Now.

IRGC-affiliated actors operating under the persona "CyberAv3ngers" are actively compromising Unitronics Vision Series PLCs and HMIs used in water, wastewater, energy, food manufacturing, transportation, and healthcare. Victims span multiple U.S. states.

In November 2023, Iranian hackers breached the Aliquippa, Pennsylvania municipal water authority — gaining control of a booster pump station serving 15,000 residents. The attack was only stopped because an alarm triggered manually.

The government's recommendation? "Disconnect PLCs from the internet." In 2026. That's not a solution — that's an admission of failure.

"The United States has hundreds of fragmented electric companies. Hundreds of water companies. All separate. All running different systems. All with barely any cyber oversight, cyber enforcement, or penetration testing." — Nicolas Chaillan, Former Pentagon Chief Software Officer

Official Sources

CISA: IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors — AA23-335A (Updated Dec. 2024)

CISA: Water and Wastewater Systems Sector Critical Infrastructure

EPA: Cybersecurity for the Water Sector

Who Is At Risk?

If you operate industrial control systems, you are a target.

Water Treatment

Municipal water systems, wastewater facilities, and treatment plants are primary targets for nation-state actors.

Energy & Utilities

Electric utilities, natural gas pipelines, and power generation facilities face constant probing.

Manufacturing

Industrial facilities with PLCs and SCADA systems controlling critical processes.

Building Automation

HVAC, access control, and building management systems in critical facilities.

Our Assessment Process

A comprehensive 2-week threat hunt — zero operational impact.

1. Discovery

Full inventory of PLCs, RTUs, HMIs, SCADA. Network mapping and internet exposure check.

2. Monitoring

Passive network capture of ICS protocols. Baseline normal behavior. No operational impact.

3. Threat Hunt

Search for Iranian IOCs, unauthorized access, anomalous commands, after-hours activity.

4. Report

Executive summary, technical findings, prioritized remediation roadmap.

Secure Your Infrastructure

Don't wait for a breach. Schedule a free consultation today.
