Warning: Undefined variable $comments_html in /home/u319666691/domains/cybersecurityboard.com/public_html/_template.php on line 527

Iranian Threat Actors Attacking U.S. Critical Infrastructure Including Water Systems

Iranian cyber operatives have intensified their assault on American critical infrastructure, with Intelligence Group 13 emerging as a primary threat actor targeting water treatment facilities, electrical grids, and industrial control systems across the United States. The group, operating under the umbrella of the Islamic Revolutionary Guard Corps (IRGC) Shahid Kaveh Cyber Group, has demonstrated sophisticated capabilities in penetrating and compromising industrial control systems, particularly Unitronics programmable logic controllers (PLCs) that manage essential infrastructure operations. Their recent campaigns have successfully infiltrated water treatment facilities in Pennsylvania, including the highly publicized Aliquippa water system attack, where attackers gained unauthorized access to control systems and leaked compromising screenshots through their propaganda channels. The group’s technical arsenal demonstrates advanced understanding of industrial control systems architecture, with particular expertise in exploiting Unitronics PLCs commonly used in water treatment and distribution facilities. The group’s ability to leak control panel screenshots and system configuration details demonstrates comprehensive access to target environments, highlighting the severity of their infrastructure penetration capabilities. DomainTools researchers identified the group’s sophisticated tradecraft, which includes deploying custom malware tools such as IOControl and Project Binder specifically designed to manipulate industrial control systems. Intelligence Group 13’s operational methodology centers on pre-positioning malware within target environments, creating dormant implants that can be activated for future sabotage operations. Their attack vectors typically involve credential harvesting through spear-phishing operations, followed by lateral movement within operational technology networks to reach supervisory control and data acquisition (SCADA) systems. The attackers leverage phishing campaigns, credential theft, and open-source intelligence gathering to gain initial access to target networks, subsequently establishing persistent footholds within critical infrastructure environments. Their approach involves embedding malware implants deep within industrial control networks, often masquerading as legitimate system processes or maintenance utilities.

This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 16 Jul 2025 06:40:13 +0000

Cyber News related to Iranian Threat Actors Attacking U.S. Critical Infrastructure Including Water Systems

States and Congress Wrestle With Cybersecurity After Iran Attacks Small Town Water Utilities - The tiny Aliquippa water authority in western Pennsylvania was perhaps the least-suspecting victim of an international cyberattack. Then it - along with several other water utilities - was struck by what federal authorities say are Iranian-backed ...
1 year ago Securityweek.com

Water services giant Veolia North America hit by ransomware attack - Veolia North America, a subsidiary of transnational conglomerate Veolia, disclosed a ransomware attack that impacted systems part of its Municipal Water division and disrupted its bill payment systems. After detecting the attack, Veolia has ...
1 year ago Bleepingcomputer.com Black Basta

ICS at Multiple US Water Facilities Targeted by Hackers Affiliated With Iranian Government - The hackers behind recent cyberattacks targeting industrial control systems at water facilities in the US are affiliated with the Iranian government, according to security agencies in the United States and Israel. The FBI, CISA, the NSA, the EPA and ...
1 year ago Securityweek.com

Staying ahead of threat actors in the age of AI - At the same time, it is also important for us to understand how AI can be potentially misused in the hands of threat actors. In collaboration with OpenAI, today we are publishing research on emerging threats in the age of AI, focusing on identified ...
1 year ago Microsoft.com Kimsuky

25 Best Managed Security Service Providers (MSSP) - 2025 - Pros & Cons: ProsConsStrong threat intelligence & expert SOCs.High pricing for SMBs.24/7 monitoring & rapid incident response.Complex UI and steep learning curve.Flexible, scalable, hybrid deployments.Limited visibility into endpoint ...
2 months ago Cybersecuritynews.com

Hackers breach US water facility via exposed Unitronics PLCs - CISA is warning that threat actors breached a U.S. water facility by hacking into Unitronics programmable logic controllers exposed online. PLCs are crucial control and management devices in industrial settings, and hackers compromising them could ...
1 year ago Bleepingcomputer.com Scattered Spider

US Authorities Identify Iranian Connection in Recent Cybersecurity Breaches - It has been announced that six Iranian officials have been sanctioned by the U.S. Department of Treasury's Office of Foreign Assets Control, the Iranian government organization responsible for the series of malicious cyber activities directed against ...
1 year ago Cysecurity.news

Florida water agency latest to confirm cyber incident as feds warn of nation-state attacks - A regulatory agency in Florida that oversees the long-term supply of drinking water confirmed that it responded to a cyberattack over the last week as the top cybersecurity agencies in the U.S. warned of foreign attacks on water utilities. The agency ...
1 year ago Therecord.media

CISA Warns of Iranian Cyber Actors May Attack U.S. Critical Infrastructure - The most concerning aspect of Iranian cyber operations involves their systematic targeting of operational technology networks and industrial control systems across multiple critical infrastructure sectors. When targeting operational technology ...
2 months ago Cybersecuritynews.com

IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including U.S. Water and Wastewater Systems Facilities - SUMMARY. The Federal Bureau of Investigation, Cybersecurity and Infrastructure Security Agency, National Security Agency, Environmental Protection Agency, and the Israel National Cyber Directorate-hereafter referred to as "The authoring agencies"-are ...
1 year ago Cisa.gov

Cyberattack on Irish Utility Cuts Off Water Supply for Two Days - An attack launched by hackers last week against the systems of a small water utility in Ireland interrupted the water supply for two days. The cyberattack was reported by a local newspaper, Western People, and technical details are murky. The attack ...
1 year ago Packetstormsecurity.com

Congressmen Ask DOJ to Investigate Water Utility Hack, Warning It Could Happen Anywhere - Three members of Congress have asked the U.S. Justice Department to investigate how foreign hackers breached a water authority near Pittsburgh, prompting the nation's top cyberdefense agency to warn other water and sewage-treatment utilities that ...
1 year ago Securityweek.com

UK water company that serves millions confirms system attack The Register - Scans of identity documents such as passports and driving licenses. Documents that appear to be HR-related, displaying the personal data of what could be customers, including home address, office address, dates of birth, nationalities, and email ...
1 year ago Theregister.com Black Basta

9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
1 year ago Esecurityplanet.com

Iranian Threat Actors Attacking U.S. Critical Infrastructure Including Water Systems - Iranian cyber operatives have intensified their assault on American critical infrastructure, with Intelligence Group 13 emerging as a primary threat actor targeting water treatment facilities, electrical grids, and industrial control systems across ...
1 month ago Cybersecuritynews.com

What CIRCIA Means for Critical Infrastructure Providers and How Breach and Attack Simulation Can Help - Cyber Defense Magazine - To prepare themselves for future attacks, organizations can utilize BAS to simulate real-world attacks against their security ecosystem, recreating attack scenarios specific to their critical infrastructure sector and function within that sector, ...
11 months ago Cyberdefensemagazine.com Akira

Cyberattack Defaces Israeli-Made Equipment at US Water Agency, Brewing Firm - The targets included the Equipment used by the Municipal Water Authority of Aliquippa, Pennsylvania and Brewmation, a New York-based company specializing in turnkey brewing and distilling equipment. U.S. officials have attributed a cyberattack on the ...
1 year ago Hackread.com

Attacks on critical infrastructure are harbingers of war: Are we prepared? - Recent attacks on several water authorities, such as Aliquippa and St. Johns River, are putting a new spotlight on the need to protect critical infrastructure. In war, to bring a nation to its knees, attacks against power and water inflict the most ...
1 year ago Scmagazine.com

Breaches by Iran-Affiliated Hackers Spanned Multiple U.S. States, Federal Agencies Say - A small western Pennsylvania water authority was just one of multiple organizations breached in the United States by Iran-affiliated hackers who targeted a specific industrial control device because it is Israeli-made, U.S. and Israeli authorities ...
1 year ago Securityweek.com

Iranian APTs Hackers Actively Attacking Transportation and Manufacturing Sectors - This aggressive campaign has prompted urgent warnings from the Cybersecurity and Infrastructure Security Agency (CISA) and the U.S. Department of Homeland Security, highlighting the critical need for enhanced security measures across industrial and ...
1 month ago Cybersecuritynews.com MuddyWater OilRig APT3 APT33

Hacktivist Group Claimed Attacks Across 20+ Critical Sectors Following Iran–Israel Conflict - Following Israeli airstrikes on Iranian military and nuclear facilities in June 2025, pro-Iranian and pro-Palestinian hacktivist collectives mobilized almost immediately, targeting Israeli government systems, energy infrastructure, financial ...
2 months ago Cybersecuritynews.com Abyss

Hackers Hijacked Irish Water Facility that Interrupted Supply - Recently, there was a cyberattack on an Irish water utility that resulted in hackers gaining control of the system and disrupting the water supply. Last week, a private group water system in the Erris area was targeted by cybercriminals in a ...
1 year ago Cybersecuritynews.com

Cybersecurity agency warns that water utilities are vulnerable to hackers after Pennsylvania attack - HARRISBURG, Pa. - Hackers are targeting industrial control systems widely used by water and sewage-treatment utilities, potentially threatening water supplies, the top U.S. cyberdefense agency said after a Pennsylvania water authority was hacked. The ...
1 year ago Abcnews.go.com

Opening Statement by CISA Director Jen Easterly - Chairman Gallagher, Ranking Member Krishnamoorthi, Members of the Committee, thank you for the opportunity to testify on CISA's efforts to protect the Nation from the preeminent cyber threat posed by the People's Republic of China. As America's ...
1 year ago Cisa.gov

DOE Puts Up $70 Million to Secure US Energy Infrastructure - The federal government will spend as much as $70 million for technologies that will create a more resilient energy delivery infrastructure that is better protected against a range of threats, including from cybercriminals. The U.S. Department of ...
1 year ago Securityboulevard.com