US government confirms Iran is behind cyberattacks on water companies

Iranian hackers target Israeli-made equipment


Iranian hackers were apparently behind recent attacks on US water plants, according to findings published by the US government's Cybersecurity and Infrastructure Security Agency (CISA).

CISA has published a joint advisory together with the FBI, the NSA, the Environmental Protection Agency (EPA), and the Israel National Cyber Directorate (INCD), noting that a threat actor (or group) using the alias “CyberAv3ngers” targeted Unitronics programmable logic controllers (PLCs), devices commonly used by utilities in the Water and Wastewater Systems (WWS) Sector.

These devices are also sometimes used in the energy, food and beverage manufacturing, and healthcare industries, the advisory added.

Mitigations advised

According to the advisory, CyberAv3ngers is affiliated with Iran’s Islamic Revolutionary Guard Corps (IRGC) and chose the PLCs as targets because they are manufactured by an Israeli company.

“Since at least November 22, 2023, these IRGC-affiliated cyber actors have continued to compromise default credentials in Unitronics devices,” the joint advisory says. “The IRGC-affiliated cyber actors left a defacement image stating, ‘You have been hacked, down with Israel. Every equipment ‘made in Israel’ is CyberAv3ngers legal target.’ The victims span multiple US states.”

So far these have only been defacement campaigns, and there are no reports of ransomware being installed.

CISA said all the affected endpoints were “publicly exposed to the internet with default passwords and by default are on TCP port 20256.” Going forward, CISA advises critical infrastructure operators to change all default passwords on Unitronics devices and to make sure the controllers are not reachable from the wider internet. Adding multi-factor authentication (MFA) for remote access also helps, as does keeping backups of PLC logic and configuration so a defaced controller can be restored quickly.
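The exposure pattern CISA describes (a PLC reachable from the internet on TCP/20256 with its default password still set) can be checked against an asset inventory and a firewall policy before an attacker does it by scanning. The following is an added example, not code from the advisory or from Unitronics: it assumes a hypothetical, simplified rule export (first match wins, post-NAT addresses) and a hypothetical inventory schema with a `password_is_default` flag, and it uses a constructed public probe address from the RFC 5737 documentation range to stand in for “the internet”. It also shows a hardened policy that replaces the open rule with an MFA-protected VPN pool, the kind of change the advisory asks for.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Default TCP port for Unitronics PLC access, as quoted in the CISA advisory.
UNITRONICS_DEFAULT_PORT = 20256


@dataclass
class Rule:
    """One firewall rule in a hypothetical simplified export (first match wins)."""
    action: str            # "allow" or "deny"
    src: str               # source CIDR
    dst: str               # destination CIDR (post-NAT)
    dport: Optional[int]   # destination TCP port, None = any


@dataclass
class Plc:
    """One inventory record (hypothetical schema)."""
    name: str
    ip: str
    port: int
    password_is_default: bool


def first_match(rules: List[Rule], src_ip: str, dst_ip: str, dport: int) -> str:
    """Return the action of the first rule matching the flow; default deny."""
    s = ipaddress.ip_address(src_ip)
    d = ipaddress.ip_address(dst_ip)
    for r in rules:
        if (s in ipaddress.ip_network(r.src)
                and d in ipaddress.ip_network(r.dst)
                and (r.dport is None or r.dport == dport)):
            return r.action
    return "deny"


def audit(plcs: List[Plc], rules: List[Rule],
          probe_src: str = "203.0.113.7") -> List[Tuple[str, str]]:
    """Flag each PLC for the three conditions the advisory calls out.

    probe_src is a constructed public address (RFC 5737 TEST-NET-3) used as a
    representative internet source; a single probe cannot prove that *no*
    public address is allowed, so treat a clean result as necessary, not sufficient.
    """
    findings = []
    for p in plcs:
        if first_match(rules, probe_src, p.ip, p.port) == "allow":
            findings.append((p.name, f"tcp/{p.port} reachable from the internet"))
        if p.port == UNITRONICS_DEFAULT_PORT:
            # Informational: the default port is the first thing a scanner looks for.
            findings.append((p.name, "listening on default port 20256"))
        if p.password_is_default:
            findings.append((p.name, "default password unchanged"))
    return findings


# Constructed sample data: a plant VLAN plus one "temporary" vendor-access hole.
WEAK_RULES = [
    Rule("allow", "10.20.0.0/16", "10.20.5.0/24", None),     # plant network -> PLC VLAN
    Rule("allow", "0.0.0.0/0", "10.20.5.10/32", 20256),      # anyone -> pump-station-1 PLC port
    Rule("deny", "0.0.0.0/0", "0.0.0.0/0", None),
]

# Hardened policy: remote access only from an MFA-protected VPN address pool (assumed 10.99.0.0/24).
HARDENED_RULES = [
    Rule("allow", "10.20.0.0/16", "10.20.5.0/24", None),
    Rule("allow", "10.99.0.0/24", "10.20.5.0/24", 20256),
    Rule("deny", "0.0.0.0/0", "0.0.0.0/0", None),
]

SAMPLE_PLCS = [
    Plc("pump-station-1", "10.20.5.10", 20256, True),
    Plc("chlorine-dosing", "10.20.5.11", 20256, False),
    Plc("lift-station-3", "10.20.5.12", 20257, False),
]


def audit_after_fix() -> List[Tuple[str, str]]:
    """Re-run the audit with the hardened policy and passwords changed."""
    fixed = [Plc(p.name, p.ip, p.port, False) for p in SAMPLE_PLCS]
    return audit(fixed, HARDENED_RULES)


if __name__ == "__main__":
    for name, finding in audit(SAMPLE_PLCS, WEAK_RULES):
        print(f"[weak]     {name}: {finding}")
    for name, finding in audit_after_fix():
        print(f"[hardened] {name}: {finding}")
```

Run against the constructed data, the weak policy yields three findings for `pump-station-1` (internet-reachable, default port, default password) and one informational finding for `chlorine-dosing`; after the fix only the two default-port notes remain, which is what you would expect if the port was deliberately left unchanged.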


PLCs from the same manufacturer are in use in other countries, too. Infosecurity reports that the UK’s National Cyber Security Centre (NCSC) recently issued an update warning of the potential risk, while adding that the risk was most likely “minimal, confined to small providers” and would probably not disrupt the country’s water supply.

Via Infosecurity Magazine


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
