In a concerning development, multiple U.S. organizations, including a water authority in western Pennsylvania, have fallen prey to cyberattacks by hackers affiliated with Iran, targeting an Israeli-made industrial control device.
This series of breaches as reported by the Associated Press and confirmed by U.S. and Israeli authorities, reveals weaknesses with a growing cybersecurity threat.
The FBI, Environmental Protection Agency, Cybersecurity and Infrastructure Security Agency (CISA), and Israel’s National Cyber Directorate, in a recent advisory, revealed that these cyberattacks spanned several states across the U.S. However, the exact number of affected organizations remains undisclosed.
Matthew Mottes, chair of the Municipal Water Authority of Aliquippa, reported that alongside his authority, four other utilities and an aquarium were compromised by the same hacking group.
These breaches have raised alarms over potential Iranian retaliation following a terrorist attack into Israel by Hamas on October 7, which ignited the Gaza war.
While no direct Iranian involvement in the Hamas attack has been established, experts anticipated an uptick in cyber offensives by Iranian state-backed hackers and pro-Palestinian hacktivists against Israel and its allies.
RELATED: Municipal Water Authority Confirms Water System Attacked by Iranian Cyber Group
The advisory highlighted the vulnerability of industries using Vision Series programmable logic controllers made by Unitronics, not limited to water treatment facilities but also including sectors like energy, healthcare, and food and beverage manufacturing.
The Aliquippa hack led to a temporary halt in pumping at a station affecting water pressure for two towns, with hackers leaving a message declaring all Israeli-made equipment as a “legal target.”
This breach allowed the hackers, identified as “Cyber Av3ngers” and linked to Iran’s Islamic Revolutionary Guards Corps (designated as a terrorist organization by the U.S. in 2019), to gain significant access. Their focus on Unitronics devices, seemingly since November 22, poses a broader threat to U.S. infrastructure.
An online search identified over 200 internet-connected Unitronics devices in the U.S., with over 1,700 globally. The advisory also criticized the default password setting on these devices, highlighting the importance of robust password security.
In light of the Aliquippa incident, three Pennsylvania lawmakers, U.S. Sens. John Fetterman and Bob Casey and U.S. Rep. Chris Deluzio, have urged the U.S. Justice Department to investigate, emphasizing the need to protect American infrastructure from foreign adversaries and terrorist groups.
Additionally, the Cyber Av3ngers claimed responsibility for targeting 10 water treatment stations in Israel.
This attack comes amidst the Biden administration’s efforts to strengthen cybersecurity in critical infrastructure, a sector predominantly privately owned, with regulations imposed on electric utilities, gas pipelines, and nuclear facilities. However, experts argue that self-regulation in many vital industries remains a significant vulnerability.
