US Water Systems Targeted by Iran-Linked Cyberattacks in Multiple States

Tom Ozimek
By Tom Ozimek
December 2, 2023US News
US Water Systems Targeted by Iran-Linked Cyberattacks in Multiple States
This photo provided by the Municipal Water Authority of Aliquippa shows the screen of a Unitronics device that was hacked in Aliquippa, Pa., on Nov. 25, 2023. (Municipal Water Authority of Aliquippa via AP)

Multiple federal agencies are warning that Iran-linked hackers have been targeting U.S. water systems and other industries that use programmable-logic controllers (PLC) made by an Israeli firm Unitronics, as the Israel-Hamas war simmers in the background.

Hackers affiliated with the Islamic Revolutionary Guard Corps (IRGC) have engaged in “malicious cyber activity” targeting the PLC operational technology devices used in America’s water and wastewater systems sector, and in other industries including energy, food, and beverage manufacturing, since at least Nov. 22, the agencies said in a Dec. 1 alert.

The agencies that issued the warning include the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and the National Security Agency (NSA), with the Israel National Cyber Directorate (INCD) joining the U.S. agencies in the advisory.

This IRGC-linked cyberattack group (known variously as CyberAv3ngers, CyberAveng3rs, or Cyber Avengers) has been compromising default credentials in Unitronics devices since at least Nov. 22, the agencies said.

After hacking the PLC devices in multiple states, CyberAv3ngers left the following defacement message: “You have been hacked, down with Israel. Every equipment ‘made in Israel’ is CyberAv3ngers legal target.”

The cyber group has claimed responsibility for numerous attacks against critical infrastructure in Israel starting in 2020, and it has recently turned its attention to targets in the United States, a key ally of Israel as it battles the Hamas terror group following the Oct. 7 attacks against Israel.

One high-profile attack by CyberAv3ngers targeted a water authority near Pittsburgh last weekend, prompting congressional lawmakers to demand an investigation by the Department of Justice (DOJ) and triggering the latest multi-agency warning that other water and sewage-treatment utilities, and other industries, may be vulnerable.

The PLC devices regulate processes including pressure, temperature, and fluid flow, according to Unitronics.

Pennsylvania Water Utility Attacked

A cyberattack by the Iran-linked group on Nov. 25 targeted the Municipal Water Authority of Aliquippa, forcing the utility to switch to manual operations though officials said water quality was not compromised.

“The affected municipality’s water authority immediately took the system offline and switched to manual operations—there is no known risk to the municipality’s drinking water or water supply,” CISA said in a Nov. 28 notice.

Even though water quality was not affected this time, CISA said that such cyberattacks do have the potential to threaten the ability of water and wastewater systems to provide clean drinking water to residents and to effectively manage wastewater.

The hackers accomplished their attack by exploiting cybersecurity weaknesses, including poor password security and exposure to the internet, CISA said. The agency urged water and wastewater facilities to take preventive measures including changing passwords and disconnecting the PLCs from the open internet.

Several Pittsburgh-based cybersecurity firms said that utility companies are more vulnerable to cyberattacks targeting operational technology as many of these systems are dated and monitored infrequently.

“Take a Fortune 500, or any type of large manufacturer or utility—instead of breaking in through their firewalls and trying to get to their data, [hackers have] the ability to try to go in and interfere with their systems,” David Kane, CEO of Pittsburgh-based Ethical Intruder, told the Pittsburgh Post-Gazette.

“I think you’re gonna see a big rise in that because there’s just so few protections on it,” he continued, adding that an attack on the operational technology side is “very alarming.”

In its latest warning, CISA and the other agencies shared a number of indicators of compromise (IOCs), as well as tactics, techniques, and procedures (TTPs) associated with the Iran-linked cyber group’s operations.

Lawmakers Demand Probe

The cyberattack prompted several congressional lawmakers from Pennsylvania to demand that the Department of Justice (DOJ) launch an investigation into how the foreign hacking group managed to breach a U.S.-based water facility.

“Any attack on our critical infrastructure is unacceptable,” Rep. Chris Deluzio (D-Penn.) said in a post on X. “It poses a threat not only to Western PA, but also the nation.”

Mr. Deluzio, along with Sens. John Fetterman (D-Penn.) and Bob Casey (D-Penn.) wrote a letter to Attorney General Merrick Garland on Nov. 28, saying that Americans need to be confident that their drinking water and other basic infrastructure is safe.

“If a hack like this can happen here in western Pennsylvania, it can happen anywhere else in the United States,” the trio wrote.

The attack came less than a month after a federal appeals court decision prompted the Environmental Protection Agency (EPA) to rescind a rule that would have obliged U.S. public water systems to include cybersecurity testing in their regular federally mandated audits.

The rollback was triggered by a federal appeals court decision in a case brought by Missouri, Arkansas, and Iowa, and joined by a water utility trade group.

Unitronics has not responded to queries about what other facilities with its equipment may have been hacked or could be vulnerable.

The Associated Press contributed to this report.

From The Epoch Times

ntd newsletter icon
Sign up for NTD Daily
What you need to know, summarized in one email.
Stay informed with accurate news you can trust.
By registering for the newsletter, you agree to the Privacy Policy.