Federal agencies and authorities have reported that hackers associated with Iran have carried out cyber attacks in multiple US states.
According to authorities in the United States and Israel, a water authority located in western Pennsylvania was among several organizations that were targeted by hackers associated with Iran. The hackers specifically focused on an industrial control device that was manufactured in Israel.
Multiple states in the United States, along with the FBI, Environmental Protection Agency, Cybersecurity and Infrastructure Security Agency (CISA), and Israel’s National Cyber Directorate, issued an advisory to The Associated Press on Friday evening stating that there are numerous victims.
No information was provided on the number or identification of the organizations affected by the hacks.
On November 25th, Matthew Mottes, the head of the Municipal Water Authority in Aliquippa, was informed by federal officials that they had been hacked. They also revealed that the same group had hacked four other utility companies and an aquarium.
According to cybersecurity analysts, there is no proof of Iranian participation in the October 7 assault on Israel by Hamas, which sparked the Gaza conflict. However, they predicted that Iranian state-sponsored hackers and pro-Palestinian hacktivists would intensify their cyber assaults on Israel and its allies following the event. As expected, this has occurred.
The advisory from multiple agencies clarified that CISA had not mentioned before, when it confirmed the hack in Pennsylvania on Wednesday, that other industries besides water and water treatment facilities also utilize the same equipment. This equipment is the Vision Series programmable logic controllers manufactured by Unitronics, and they too may be at risk of vulnerability.
According to the advisory, the industries affected are “energy, food and beverage manufacturing, and healthcare.” The devices control various processes such as pressure, temperature, and fluid flow.
The Aliquippa breach caused workers to pause pumping at a distant station responsible for regulating water pressure for two nearby towns. This forced crews to resort to manual operation. The hackers left a digital message on the infiltrated device stating that all equipment made in Israel is considered a legitimate target.
The joint warning stated that it is uncertain if the attackers attempted to access further into the compromised networks.
According to the notification, the group of hackers, self-identified as “Cyber Av3ngers,” is connected to Iran’s Islamic Revolutionary Guards Corps, which was classified as a foreign terrorist organization by the U.S. in 2019.
The group has been focusing on attacking Unitronics devices since at least November 22nd, according to their statement.
On Saturday, using the Shodan service, an online search revealed over 200 internet-connected devices in the United States and over 1,700 globally.
The advisory states that Unitronics devices come with a pre-set password, which experts advise against as it increases the risk of hacking. The recommended approach is for devices to prompt the creation of a unique password upon initial setup. It suggests that hackers gained access to affected devices by exploiting cybersecurity vulnerabilities, such as weak passwords and exposure to the internet.
Following the Aliquippa cyber attack, three members of Congress from Pennsylvania wrote a letter to the U.S. Justice Department requesting an investigation. Senators John Fetterman and Bob Casey, along with Representative Chris Deluzio, emphasized the importance of ensuring the safety of Americans’ drinking water and other essential infrastructure from potential threats from “nation-state adversaries and terrorist organizations.”
The group Cyber Av3ngers announced on October 30 via social media that they successfully infiltrated 10 water treatment facilities in Israel. It is uncertain if they caused any disruption to the equipment.
Unitronics has yet to provide a response to the AP’s inquiries regarding the hacks.
The assault occurred within a month of a federal court ruling that led the EPA to revoke a regulation requiring public water systems in the United States to conduct cybersecurity tests during their routine federally mandated audits. This decision was made in response to a lawsuit brought by Missouri, Arkansas, and Iowa, with support from a trade association for water utilities.
The Biden administration has been working towards improving the security of essential infrastructure, of which over 80% is under private ownership. This has led to the implementation of regulations in industries such as electric utilities, gas pipelines, and nuclear facilities. However, there are concerns among experts that too many crucial sectors are allowed to regulate themselves.