Iran-affiliated attackers CyberAv3ngers continue to exploit vulnerable Unitronics programmable logic controllers, US and Israeli authorities have said in a joint cybersecurity advisory.
CyberAv3ngers targeting Unitronics PLCs.
CISA has recently confirmed that Iran-affiliated attackers took over a Unitronics Vision Series PLC at a water system facility in Pennsylvania, and urged other water authorities to promptly secure their Unitronics PLCs. The agency has advised them to change the default password and port used by the PLC, disconnect it from the open internet or secure remote access by using a firewall, VPN and multi-factor authentication, create configuration backups, and update the PLC/HMI to the latest available version.
CyberAv3ngers has previously claimed responsibility for numerous attacks against critical infrastructure organizations in Israel working in the water, energy, shipping, and distribution sectors, and only recently targeted Unitronics PLCs deployed by multiple US-based water and wastewater facilities.
In the latest advisory, the agencies shared additional information about the APT group's activities and indicators of compromise associated with their most recent attacks.
The agencies repeated CISA's initial risk mitigation advice and urged organizations to apply it to all internet-facing PLCs, not just those manufactured by Unitronics.
Other Iran-affiliated threat groups to look out for.
CyberAv3ngers are not the only Iranian cyber threat actors targeting Israeli and US entities, Check Point researchers pointed out.
There's CyberToufan, which initially targeted Israeli organizations but later claimed attacks against US companies.
This Cyber News was published on www.helpnetsecurity.com. Publication date: Mon, 04 Dec 2023 14:28:05 +0000