U.S. federal agencies have confirmed the Iranian threat group that breached a Pennsylvanian water authority pump station controller also compromised similar systems at facilities in other states.
The Municipal Water Authority of Aliquippa was forced to temporarily shut down one of its remote pump stations, supplying two towns, following an Oct. 25 attack on a programmable logic controller used to regulate water pressure.
The PLC, manufactured by Israeli company Unitronics, is commonly used in water and wastewater facilities, and in industrial plants across a range of other industries.
The attack was carried out by Cyber Av3ngers, an advanced persistent threat group linked to the Iranian Government's Islamic Revolutionary Guard Corps.
An identical message was left on a Unitronics PLC at Pittsburgh's Full Pint Beer brewery, which was also hacked over Thanksgiving weekend.
MWAA chairman Matthew Mottes was reported as saying authorities told him four other utilities and a public aquarium were also hacked.
Feds confirm gang hit 'multiple' facilities.
The occurrence of multiple attacks was confirmed in a Dec. 1 joint cybersecurity advisory released by the Federal Bureau of Investigation, Cybersecurity and Infrastructure Security Agency, National Security Agency, Environmental Protection Agency, and the Israel National Cyber Directorate.
The agencies said Unitronics PLCs and related controllers were often exposed to the internet because they were commonly used in situations where remote control and monitoring were required.
The Cyber Av3ngers attacks were centered around defacing the controller's user interface and possibly rendering the PLC inoperative, but it was conceivable further network access could have been gained, they said.
The breached devices were using the default Unitronics PLC password and the default port, the advisory said.
The agencies said organizations should change all default passwords on PLCs and human-machine interfaces, use strong passwords, and implement multifactor authentication for access to operational technology networks.
They said organizations should create strong backups of the logic and configurations of PLCs to enable fast recovery.
In a Nov. 28 letter to U.S. Attorney General Merrick Garland, Pennsylvania Congressman Chris Deluzio and the state's Senators, Bob Casey and John Fetterman, called for the Department of Justice to investigate the MWAA attack.
In October the EPA withdrew its guidance requiring cybersecurity audits for water utilities across the country following a lawsuit filed by Arkansas, Iowa, and Missouri, and supported by trade groups.
This Cyber News was published on packetstormsecurity.com. Publication date: Tue, 05 Dec 2023 14:43:06 +0000