ICS at Multiple US Water Facilities Targeted by Hackers Affiliated With Iranian Government

The hackers behind recent cyberattacks targeting industrial control systems at water facilities in the US are affiliated with the Iranian government, according to security agencies in the United States and Israel.
The FBI, CISA, the NSA, the EPA and Israel's National Cyber Directorate on Friday published a joint advisory focusing on the threat actor responsible for the recent attack on the Municipal Water Authority of Aliquippa in Pennsylvania.
The hackers, calling themselves Cyber Av3ngers, compromised an ICS associated with a booster station that monitors and regulates water pressure, but the water facility said there was no risk to the water supply or drinking water.
The threat actor targeted a Unitronics Vision series programmable logic controller with an integrated human-machine interface.
Unitronics is an Israel-based company and its products are used not only in the water and wastewater systems sector, but also in industries such as energy, healthcare, and food and beverage manufacturing.
In some cases, the PLCs may be rebranded and appear to have been made by other companies.
In the weeks prior to attacking the Aliquippa water utility, Cyber Av3ngers targeted ICS at water, energy, shipping, and distribution organizations in Israel.
Some of their claims turned out to be false.
Since the Israel-Hamas conflict escalated on October 7, they claimed to have breached the systems of many water treatment stations in Israel.
In the case of the Aliquippa facility attack, they claimed to have targeted the PLC because it was made by an Israeli company.
While Cyber Av3ngers claims to be a hacktivist group, CISA, the FBI and the other agencies said it's actually a persona used by cyber actors affiliated with the Iranian Government Islamic Revolutionary Guard Corps.
The Cyber Av3ngers persona, previously described as a pro-Iran threat group, has been used to target Israeli entities since 2020.
The agencies said IRGC-affiliated threat actors targeted multiple US water sector facilities that rely on Unitronics Vision PLCs since November 22.
Unitronics PLCs have been known to be affected by critical vulnerabilities that could expose them to attacks.
In the recent attacks, the devices were likely compromised because they were exposed to the internet on the default port and were protected by default passwords.
Once they compromised the devices, the hackers defaced their user interface, which could make the PLC inoperable.
A Shodan search shows that roughly 1,800 Unitronics PLCs located around the world are exposed to the internet, including a few hundred like the one targeted in the Aliquippa attack.
Regarding Cyber Av3ngers' recent public statements, John Hultquist, chief analyst at Google Cloud's Mandiant Intelligence, said the group has a long history of publicly exaggerating superficial intrusions, claiming significant access to critical infrastructure.
The advisory released by the security agencies provides indicators of compromise and tactics, techniques, and procedures associated with Iranian cyber operations, as well as recommendations for defenders and device manufacturers.


This Cyber News was published on www.securityweek.com. Publication date: Mon, 04 Dec 2023 13:43:04 +0000


Cyber News related to ICS at Multiple US Water Facilities Targeted by Hackers Affiliated With Iranian Government

States and Congress Wrestle With Cybersecurity After Iran Attacks Small Town Water Utilities - The tiny Aliquippa water authority in western Pennsylvania was perhaps the least-suspecting victim of an international cyberattack. Then it - along with several other water utilities - was struck by what federal authorities say are Iranian-backed ...
10 months ago Securityweek.com
ICS at Multiple US Water Facilities Targeted by Hackers Affiliated With Iranian Government - The hackers behind recent cyberattacks targeting industrial control systems at water facilities in the US are affiliated with the Iranian government, according to security agencies in the United States and Israel. The FBI, CISA, the NSA, the EPA and ...
11 months ago Securityweek.com
Cyberattack on Irish Utility Cuts Off Water Supply for Two Days - An attack launched by hackers last week against the systems of a small water utility in Ireland interrupted the water supply for two days. The cyberattack was reported by a local newspaper, Western People, and technical details are murky. The attack ...
10 months ago Packetstormsecurity.com
Water services giant Veolia North America hit by ransomware attack - Veolia North America, a subsidiary of transnational conglomerate Veolia, disclosed a ransomware attack that impacted systems part of its Municipal Water division and disrupted its bill payment systems. After detecting the attack, Veolia has ...
9 months ago Bleepingcomputer.com
Threat landscape for industrial automation systems. H2 2023 - In the second half of 2023, the percentage of ICS computers on which malicious objects were blocked decreased by 2.1 pp to 31.9%. Percentage of ICS computers on which malicious objects were blocked, by half year. In H2 2023, building automation once ...
7 months ago Securelist.com
IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including U.S. Water and Wastewater Systems Facilities - SUMMARY. The Federal Bureau of Investigation, Cybersecurity and Infrastructure Security Agency, National Security Agency, Environmental Protection Agency, and the Israel National Cyber Directorate-hereafter referred to as "The authoring agencies"-are ...
11 months ago Cisa.gov
Florida water agency latest to confirm cyber incident as feds warn of nation-state attacks - A regulatory agency in Florida that oversees the long-term supply of drinking water confirmed that it responded to a cyberattack over the last week as the top cybersecurity agencies in the U.S. warned of foreign attacks on water utilities. The agency ...
11 months ago Therecord.media
Breaches by Iran-Affiliated Hackers Spanned Multiple U.S. States, Federal Agencies Say - A small western Pennsylvania water authority was just one of multiple organizations breached in the United States by Iran-affiliated hackers who targeted a specific industrial control device because it is Israeli-made, U.S. and Israeli authorities ...
11 months ago Securityweek.com
Threat landscape for industrial automation systems, Q1 2024 - In the first quarter of 2024, the percentage of ICS computers on which malicious objects were blocked decreased by 0.3 pp from the previous quarter to 24.4%. Compared to the first quarter of 2023, the percentage decreased by 1.3 pp. Percentage of ICS ...
5 months ago Securelist.com
Congressmen Ask DOJ to Investigate Water Utility Hack, Warning It Could Happen Anywhere - Three members of Congress have asked the U.S. Justice Department to investigate how foreign hackers breached a water authority near Pittsburgh, prompting the nation's top cyberdefense agency to warn other water and sewage-treatment utilities that ...
11 months ago Securityweek.com
US Authorities Identify Iranian Connection in Recent Cybersecurity Breaches - It has been announced that six Iranian officials have been sanctioned by the U.S. Department of Treasury's Office of Foreign Assets Control, the Iranian government organization responsible for the series of malicious cyber activities directed against ...
8 months ago Cysecurity.news
Hackers breach US water facility via exposed Unitronics PLCs - CISA is warning that threat actors breached a U.S. water facility by hacking into Unitronics programmable logic controllers exposed online. PLCs are crucial control and management devices in industrial settings, and hackers compromising them could ...
11 months ago Bleepingcomputer.com
Cyberattack Defaces Israeli-Made Equipment at US Water Agency, Brewing Firm - The targets included the Equipment used by the Municipal Water Authority of Aliquippa, Pennsylvania and Brewmation, a New York-based company specializing in turnkey brewing and distilling equipment. U.S. officials have attributed a cyberattack on the ...
11 months ago Hackread.com
Cyber Insights 2023: ICS and Operational Technology - The result is more than a dozen features on subjects ranging from AI, quantum encryption, and attack surface management to venture capital, regulations, and criminal gangs. At the same time, ICS/OT is facing an expanding attack surface caused by ...
1 year ago Securityweek.com
Cybersecurity agency warns that water utilities are vulnerable to hackers after Pennsylvania attack - HARRISBURG, Pa. - Hackers are targeting industrial control systems widely used by water and sewage-treatment utilities, potentially threatening water supplies, the top U.S. cyberdefense agency said after a Pennsylvania water authority was hacked. The ...
11 months ago Abcnews.go.com
Hackers Hijacked Irish Water Facility that Interrupted Supply - Recently, there was a cyberattack on an Irish water utility that resulted in hackers gaining control of the system and disrupting the water supply. Last week, a private group water system in the Erris area was targeted by cybercriminals in a ...
10 months ago Cybersecuritynews.com
Check Point Research Report: Shift in Cyber Warfare Tactics - Highlights: Shift in Cyber Warfare Focus: Recent developments in cyber warfare reveal a shift in the activities of Iranian hacktivist proxies. Initially concentrated on Israel, these groups are now extending their cyber operations to include targets ...
11 months ago Blog.checkpoint.com
CyberAv3ngers hit Unitronics PLCs at multiple US-based water facilities - Iran-affiliated attackers CyberAv3ngers continue to exploit vulnerable Unitronics programmable logic controllers, US and Israeli authorities have said in a joint cybersecurity advisory. CyberAv3ngers targeting Unitronics PLCs. CISA has recently ...
11 months ago Helpnetsecurity.com
Resecurity and ICS Technologies join forces to improve cybersecurity in Iraq - Resecurity and ICS Technologies IRAQ, a well-established ICT System Integration Company with HQ in Baghdad, Iraq, have joined forces to fortify cybersecurity, fraud prevention and risk intelligence measures nationwide. This strategic partnership is ...
11 months ago Helpnetsecurity.com
UK water company that serves millions confirms system attack The Register - Scans of identity documents such as passports and driving licenses. Documents that appear to be HR-related, displaying the personal data of what could be customers, including home address, office address, dates of birth, nationalities, and email ...
9 months ago Theregister.com
Two-day water outage in remote Irish region caused by pro-Iran hackers - Residents of a remote area on Ireland's west coast were left without water last week due to a cyberattack perpetrated by a pro-Iran hacking group targeting a piece of equipment the hackers complained was made in Israel. The incident affected a ...
10 months ago Therecord.media
Top White House cyber aide says recent Iran hack on water system is call to tighten cybersecurity - WASHINGTON - A top White House national security official said recent cyber attacks by Iranian hackers on U.S. water authorities - as well as a separate spate of ransomware attacks on the health care industry - should be seen as a call to action by ...
10 months ago Apnews.com
Top White House Cyber Aide Says Recent Iran Hack on Water System Is Call to Tighten Cybersecurity - A top White House national security official said recent cyber attacks by Iranian hackers on US water authorities - as well as a separate spate of ransomware attacks on the health care industry - should be seen as a call to action by utilities and ...
10 months ago Securityweek.com
Ransomware gang targets nonprofit providing clean water to world's poorest - Water for People, a nonprofit that aims to improve access to clean water for people whose health is threatened by a lack of it for drinking and sanitation, is the latest organization to have been hit by ransomware criminals. The ...
9 months ago Therecord.media
Microsoft: Iranian hackers target researchers with new MediaPl malware - Microsoft says that a group of Iranian-backed state hackers are targeting high-profile employees of research organizations and universities across Europe and the United States in spearphishing attacks pushing new backdoor malware. The attackers, a ...
9 months ago Bleepingcomputer.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)