5 December 2023

Multiple US water utilities hit by Iran-backed hackers



US authorities have confirmed that a series of cyberattacks has targeted multiple water utilities across the United States, all running the same Israeli-made industrial equipment. The attacks, believed to be the work of a hacker group known as Cyber Av3ngers, which is affiliated with the Islamic Revolutionary Guard Corps (IRGC), have prompted a joint advisory from US and Israeli authorities.

The federal Cybersecurity and Infrastructure Security Agency (CISA) revealed that, beginning on November 22, 2023, IRGC cyber actors accessed multiple US-based Water and Wastewater Systems (WWS) facilities that operate Unitronics Vision Series PLCs with an HMI, likely by compromising internet-accessible devices with default passwords. The breaches have not resulted in any disruptions or threats to drinking water, officials said.

The hackers, described as opportunistic, employed low-level tactics to deface computer screens at the targeted water facilities.

CNN reported that CISA told Senate and House staffers that “less than 10” water facilities across the US have faced cyberattacks in recent days.

The incidents first came to public attention after Cyber Av3ngers took control of water pumps in the town of Aliquippa, Pennsylvania, by exploiting a Unitronics PLC, and displayed an anti-Israel message on the compromised computer screens.

According to data from the internet watchdog group The Shadowserver Foundation, there are more than 539 Unitronics PLC instances publicly exposed worldwide.

