Residents of a remote area on Ireland's west coast were left without water last week due to a cyberattack perpetrated by a pro-Iran hacking group targeting a piece of equipment the hackers complained was made in Israel.
The incident affected a private group water scheme in the rural Erris area of County Mayo, which has a total population of around 8,000 people spread out over just under 1,000 square kilometers - about 0.5% the population of Manhattan in an area 20 times its size.
The incident appears to be the latest perpetrated by the Cyber Av3ngers group, who local media reported had left a message on the affected computer network saying it had been conducted because the water system used the Israel-made Unitronics tool.
Last month, the U.S. federal government warned that it was responding to the active exploitation of Unitronics programmable logic controllers that are used by many organizations in the water sector.
The same PLCs are likely in use in other industries, including energy, food and beverage manufacturing, and healthcare.
The devices are often exposed to the internet due to the remote nature of their control and monitoring functionalities, authorities and cybersecurity researchers have said.
Among those affected in the U.S. was the Municipal Water Authority of Aliquippa - which serves thousands of customers in communities northwest of Pittsburgh - although in that instance there was no loss of water service.
The attacks followed just a month after Republican lawmakers and water industry companies forced the U.S. Environmental Protection Agency to back off efforts to add cybersecurity to annual state-led Sanitary Survey Programs that evaluate water systems across the U.S. Lawsuits against the rules were backed by two powerful industry groups - the American Water Works Association and the National Rural Water Association- which argued that the EPA should allow utilities to create their own requirements.
On Monday, the U.S. Cybersecurity and Infrastructure Security Agency added the Unitronics bug to its Known Exploited Vulnerabilities catalog, assigning it CVE-2023-6448.
TV service in UAE hacked to show alleged atrocities in Palestine.
Meta lawsuit against the FTC could put a leash on the agency's regulatory powers.
He was previously a technology reporter for Sky News and is also a fellow at the European Cyber Conflict Research Initiative.
This Cyber News was published on therecord.media. Publication date: Mon, 11 Dec 2023 19:05:11 +0000