Breaches by Iran-Affiliated Hackers Spanned Multiple U.S. States, Targeting Israeli-Made Control Device
HARRISBURG, Pa. – In a recent advisory, U.S. and Israeli authorities revealed that Iran-affiliated hackers targeted multiple organizations across the United States, breaching a small water authority in western Pennsylvania. The hackers specifically targeted an industrial control device due to its Israeli origins, according to the FBI, the Environmental Protection Agency (EPA), the Cybersecurity and Infrastructure Security Agency (CISA), and Israel’s National Cyber Directorate.
While the exact number of hacked organizations remains undisclosed, Matthew Mottes, the chairman of the Municipal Water Authority of Aliquippa, confirmed that his organization was not the only target. Federal officials informed Mottes that four other utilities and an aquarium were also breached.
Experts in cybersecurity anticipated an increase in cyberattacks by Iranian-backed hackers and pro-Palestinian hacktivists following the recent attack by Hamas on Israel on October 7. Although there is no evidence linking the Iranian government to the attack, it was expected that state-supported Iranian hackers would escalate their cyber offensive against Israeli targets and its allies. Sadly, these predictions have now become a reality.
The advisory highlights that the equipment targeted by the hackers, Unitronics’ Vision Series programmable logic controllers, is not limited to water and water-treatment facilities. Industries such as energy, food and beverage manufacturing, and healthcare also employ these devices, which regulate crucial processes like pressure, temperature, and fluid flow.
The Municipal Water Authority of Aliquippa experienced the consequences of the cyberattack when pumping at a remote station had to be temporarily halted due to compromised water pressure regulation. The affected devices displayed a digital calling card left by the hackers, where they stated that Israeli-made equipment is deemed a legal target.
The advisory warns that the hackers, self-identifying as Cyber Av3ngers, are linked to Iran’s Islamic Revolutionary Guards Corps, designated a foreign terrorist organization by the U.S. in 2019. It is believed that the group has been targeting Unitronics devices since at least November 22.
Shodan, an online search service, reported the presence of over 200 internet-connected devices of the same nature in the U.S., with more than 1,700 globally.
One concerning aspect emphasized by the advisory is that Unitronics devices often come with a default password, making them more susceptible to hacking. Experts in the field highly discourage this practice and instead recommend devices be shipped with a requirement for users to create a unique password. The hackers likely exploited such vulnerabilities, including poor password security and exposure to the internet, to gain access to the affected devices.
Unfortunately, many water utilities have not given sufficient attention to cybersecurity measures, leaving critical infrastructure exposed to potential attacks.
Following the incident in Aliquippa, three Pennsylvania congressmen have urged the U.S. Justice Department to investigate the breach, emphasizing the need for the safety of America’s drinking water and other essential infrastructure against nation-state adversaries and terrorist organizations.
The Biden administration has been working on strengthening the cybersecurity of critical infrastructure, with regulations implemented for sectors such as electric utilities, gas pipelines, and nuclear facilities. Critics argue that many industries still rely on self-regulation and fall short in adequately safeguarding essential services.
As the world becomes increasingly interconnected, it is crucial to address the rising threats in cyberspace and take proactive measures to protect critical infrastructure from potential harm. Experts suggest that collaboration between governments, private sectors, and individuals is key to effectively mitigate these risks and ensure stability and security on a global scale.
