The current study proposes a taxonomy to organize existing knowledge on cybercrimes against critical infrastructure such as power plants, water treatment facilities, dams, and nuclear facilities. Routine Activity Theory is used to inform a three-dimensional taxonomy with the following dimensions: hacker motivation (likely offender), cyber, physical, and cyber-physical components of any cyber-physical system (suitable target), and security (capable guardian). The focus of the study is to develop and evaluate the classification tool using Design Science Research (DSR) methodology. Publicly available data was used to evaluate the utility and usability of the proposed artifact by exploring three possible scenarios – Stuxnet, the Ukrainian power grid shut down, and ransomware attacks. While similar taxonomies exist, none of them have been verified due to the sensitive nature of the data and this would be one of the first empirically validated frameworks to explore cyberattacks against critical infrastructure. By better understanding these attacks, we can be better prepared to prevent and respond to incidents.