US government confirms Iran is behind cyberattacks on water companies


Iranian hackers were apparently behind recent attacks on US water plants, according to the findings of the government's Cybersecurity and Infrastructure Security Agency (CISA).

CISA has published a joint advisory together with the FBI, the NSA, the Environmental Protection Agency (EPA), and the Israel National Cyber Directorate (INCD), noting a hacker (or a group) with the alias “CyberAv3ngers” targeted Unitronics programmable logic controllers (PLCs), endpoints usually used by firms in the Water and Wastewater Systems (WWS) Sector. 

These devices are also sometimes used in the energy, food and beverage manufacturing, and healthcare industries, the advisory added. 

Mitigations advised

Apparently, CyberAv3ngers are affiliated with Iran’s Islamic Revolutionary Guard Corps (IRGC), and decided to target the PLCs because they were manufactured by an Israeli company.

“Since at least November 22, 2023, these IRGC-affiliated cyber actors have continued to compromise default credentials in Unitronics devices,” the joint advisory says. “The IRGC-affiliated cyber actors left a defacement image stating, ‘You have been hacked, down with Israel. Every equipment ‘made in Israel’ is CyberAv3ngers legal target.’ The victims span multiple US states.”

So far these have only been defacement campaigns, and there are no reports of ransomware being installed.

CISA said all the affected endpoints were “publicly exposed to the internet with default passwords and by default are on TCP port 20256.” Going forward, CISA advises all critical infrastructure firms to change all default passwords on Unitronics devices and make sure they’re disconnected from the wider internet. Adding multi-factor authentication (MFA) is also helpful, as well as setting up and maintaining backups. 
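The exposure CISA describes can be checked from perimeter firewall logs. The following is an added example, not code from the article or the advisory: it flags PLC addresses that accepted connections on TCP port 20256 from outside the site's own networks. The log format, the addresses and the list of internal ranges are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

UNITRONICS_DEFAULT_PORT = 20256  # default TCP port quoted from the advisory

# Assumption: ranges this site treats as internal (RFC 1918 plus loopback).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed sample log: "timestamp src_ip dst_ip dst_port action"
SAMPLE_LOG = """\
2023-12-01T08:00:01Z 10.20.0.5 10.20.1.10 20256 ALLOW
2023-12-01T08:03:17Z 203.0.113.7 10.20.1.10 20256 ALLOW
2023-12-01T08:03:45Z 198.51.100.20 10.20.1.10 20256 ALLOW
2023-12-01T08:04:02Z 203.0.113.7 10.20.1.11 20256 DENY
2023-12-01T08:05:30Z 203.0.113.7 10.20.1.12 443 ALLOW
malformed line
"""

def is_internal(addr):
    """True if addr falls inside one of the site's internal ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def find_exposed_plcs(log_text, port=UNITRONICS_DEFAULT_PORT):
    """Map each destination to the external sources allowed to reach `port`."""
    exposed = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip blank or malformed records
        _ts, src, dst, dport, action = fields
        try:
            if int(dport) != port or action != "ALLOW" or is_internal(src):
                continue
        except ValueError:
            continue  # unparseable port or address
        exposed[dst].add(src)
    return {dst: sorted(srcs) for dst, srcs in exposed.items()}

if __name__ == "__main__":
    for plc, sources in find_exposed_plcs(SAMPLE_LOG).items():
        print(f"{plc}: reachable on TCP {UNITRONICS_DEFAULT_PORT} "
              f"from {', '.join(sources)}")
```

Any device this reports is a candidate for the advisory's mitigations: remove the internet exposure and replace the default password.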

Other countries are using PLCs from the same manufacturer, too. Infosecurity says the UK’s National Cyber Security Centre (NCSC) recently issued an update warning of the potential risk, but added that the risk was most likely “minimal, confined to small providers” and would probably not disrupt the country’s water supply.

Via Infosecurity Magazine


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
