Iran-linked hackers have been targeting internet-exposed programmable logic controllers, or PLCs, that control U.S. critical infrastructure systems. The attackers exploited these industrial control devices that were directly connected to the internet, turning what should be isolated operational technology into vulnerable entry points for disruption. This campaign highlights the growing risk of state-sponsored groups exploiting poorly secured industrial systems to threaten essential services like power grids, water treatment, and manufacturing facilities.