The US Cybersecurity and Infrastructure Security Agency (CISA) is advising users of a widely used programmable logic controller (PLC) to ensure the security of their devices following reported attacks by Iranian threat actors. CISA has identified attackers attributed to the Islamic Revolutionary Guard Corps (IRGC) of the Iranian government exploiting the default admin password “1111” on Unitronix PLCs. The attacks primarily involve defacing target units with anti-Israel messages, but CISA warns that more serious compromises may have occurred. The targeted devices are Unitronix Vision series PLCs with human machine interfaces (HMI). The campaign started in October with targets in Israel and has since expanded to “multiple US states.” CISA recently issued a warning about PLC attacks, emphasizing the need for stronger security measures such as changing passwords, implementing multifactor authentication, and using firewalls and IP address restrictions for internet-exposed PLCs.