A regulatory agency in Florida that oversees the long-term supply of drinking water confirmed that it responded to a cyberattack over the last week as the top cybersecurity agencies in the U.S. warned of foreign attacks on water utilities.
The agency does not have direct control over water utility technology.
On Friday, a ransomware gang said it attacked the organization, providing samples of what it stole.
The cybercriminals did not say how much total data was taken in the attack.
Most of the work by the St. Johns River Water Management District is centered around educating the public about water conservation, setting rules for water use, conducting research, collecting data, restoring and protecting water above and below the ground, and preserving natural areas.
The attack comes after U.S. officials raised alarms last week about several incidents involving companies that handle water treatment and distribution.
The Cybersecurity and Infrastructure Security Agency said it is responding to the active exploitation of Unitronics programmable logic controllers used by many organizations in the water sector.
CISA linked the advisory to a notice from the Water Information Sharing and Analysis Center about an attack on a water utility in Pennsylvania reported November 26.
The hackers behind the incident in Pennsylvania have filled their social media feed with references to the leaders of Iran and have pledged to attack any entities with products or ties to Israel - already touting attacks on 10 water treatment plants in Israel.
By Friday, CISA worked with the FBI, National Security Agency, Environmental Protection Agency, and the Israel National Cyber Directorate to release an advisory warning that hackers - who go by the name CyberAv3ngers - are connected to the Iranian government's Islamic Revolutionary Guard Corps.
The agencies said hackers affiliated with the IRGC have compromised default credentials in Unitronics devices since at least November 22 and explicitly claim that their motivation is to target anything associated with Israel, according to defacement images seen by U.S. authorities.
The kinds of Unitronics devices being attacked are often exposed to the internet due to the remote nature of their control and monitoring functionalities, they explained.
Unitronics PLC instances have been targeted recently as part of attacks against Water & Wastewater systems.
While the U.S. campaign began in November, the hackers have been active since at least September, claiming on their Telegram channel both legitimate and false attacks against Israeli PLCs in the water, energy, shipping, and distribution sectors.
Cybersecurity nonprofit Shadowserver Foundation said that, through its research tool, it found at least 539 Unitronics PLC instances still publicly exposed worldwide.
Jonathan has worked across the globe as a journalist since 2014.
Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia.
He previously covered cybersecurity at ZDNet and TechRepublic.
This Cyber News was published on therecord.media. Publication date: Mon, 04 Dec 2023 20:50:14 +0000