The US Cybersecurity and Infrastructure Security Agency has revealed Iran's Islamic Revolutionary Guard Corps is behind a series of recent strikes against water plants.
The PLCs are commonly used by organizations operating in the Water and Wastewater Systems Sector, as well as energy, food and beverage manufacturing and healthcare firms, it added.
The IRGC appears to have targeted the devices because Unitronics is an Israeli manufacturer.
An update from the UK's National Cyber Security Centre on Friday indicated that critical infrastructure in that country may also be at risk from such attacks, although it claimed the risk was minimal, confined to small providers and unlikely to cause any disruption to water supply.
Critical infrastructure providers were urged to change all default passwords on Unitronics devices and disconnect the PLCs from the public internet.
CISA said they should also add multi-factor authentication, create regular backups, keep PLCs on the latest firmware version and install a firewall in front of the PLC to control access.
This Cyber News was published on www.infosecurity-magazine.com. Publication date: Mon, 04 Dec 2023 09:30:12 +0000