US authorities have confirmed that a series of cyberattacks has targeted multiple water utilities across the United States, all running the same Israeli-made industrial equipment. The attacks, believed to be the work of a hacker group known as Cyber Av3ngers affiliated with the Islamic Revolutionary Guard Corps, have prompted a joint advisory from US and Israeli authorities.
The federal Cybersecurity and Infrastructure Security Agency (CISA) revealed that beginning on November 22, 2023, IRGC cyber actors accessed multiple US-based WWS (Water and Wastewater Systems) facilities that operate Unitronics Vision Series PLCs with an HMI likely by compromising internet-accessible devices with default passwords. The breaches have not resulted in any disruptions or threats to drinking water, officials said.
The hackers, described as opportunistic, employed low-level tactics to deface computer screens at the targeted water facilities.
CNN reported that CISA told Senate and House staffers that “less than 10” water facilities across the US have faced cyberattacks in recent days.
The incidents first came to public attention after Cyber Av3ngers took control over water pumps in the town of Aliquippa, Pennsylvania, by exploiting a Unitronics PLC and displayed an anti-Israel message on the compromised computer screens.
According to data from the internet watchdog group The Shadowserver Foundation, there are more than 539 Unitronics PLC instances publicly exposed worldwide.