TechRadar
Sead Fadilpašić

US government confirms Iran is behind cyberattacks on water companies

Iranian hackers were apparently behind recent attacks on US water plants, according to the findings of the government's Cybersecurity and Infrastructure Security Agency (CISA).

CISA has published a joint advisory together with the FBI, the NSA, the Environmental Protection Agency (EPA), and the Israel National Cyber Directorate (INCD), noting a hacker (or a group) with the alias “CyberAv3ngers” targeted Unitronics programmable logic controllers (PLCs), endpoints usually used by firms in the Water and Wastewater Systems (WWS) Sector. 

These devices are also sometimes used in the energy, food and beverage manufacturing, and healthcare industries, the advisory added. 

Mitigations advised

CyberAv3ngers are apparently affiliated with Iran’s Islamic Revolutionary Guard Corps (IRGC), and decided to target the PLCs because they were manufactured by an Israeli company.

“Since at least November 22, 2023, these IRGC-affiliated cyber actors have continued to compromise default credentials in Unitronics devices,” the joint advisory says. “The IRGC-affiliated cyber actors left a defacement image stating, ‘You have been hacked, down with Israel. Every equipment ‘made in Israel’ is CyberAv3ngers legal target.’ The victims span multiple US states.”

So far these have only been defacement campaigns, and there are no reports of ransomware being installed.

CISA said all the affected endpoints were “publicly exposed to the internet with default passwords and by default are on TCP port 20256.” Going forward, CISA advises all critical infrastructure firms to change all default passwords on Unitronics devices and make sure they’re disconnected from the wider internet. Adding multi-factor authentication (MFA) is also helpful, as well as setting up and maintaining backups. 
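
One way to check for the exposure condition CISA describes, as an added example that is not from the article or the advisory: it scans firewall records for accepted inbound connections to TCP port 20256 that originate outside the site. The log format, the internal address ranges and the sample records are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

PLC_PORT = 20256  # default Unitronics port quoted from the advisory

# Assumption: the site's internal ranges are the RFC 1918 blocks.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed log format: "<time> <action> TCP <src>:<sport> -> <dst>:<dport>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ACCEPT|DROP) TCP "
    r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$")

# Constructed sample records (documentation address ranges), not real traffic.
SAMPLE_LOG = """\
2023-12-01T08:00:01Z ACCEPT TCP 10.20.0.7:50122 -> 10.20.0.15:20256
2023-12-01T08:03:44Z ACCEPT TCP 203.0.113.45:51514 -> 10.20.0.15:20256
2023-12-01T08:03:59Z DROP TCP 198.51.100.9:40022 -> 10.20.0.16:20256
2023-12-01T08:04:10Z ACCEPT TCP 198.51.100.9:40023 -> 10.20.0.15:20256
2023-12-01T08:05:00Z ACCEPT TCP 203.0.113.45:51600 -> 10.20.0.15:443
garbled line that should be skipped
"""

def is_internal(addr: str) -> bool:
    """True if addr falls inside one of the site's internal networks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def exposed_plcs(log_text: str, port: int = PLC_PORT) -> dict:
    """Map each PLC address to the external sources allowed to reach `port`."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["action"] != "ACCEPT" or int(m["dport"]) != port:
            continue  # unparseable, blocked, or a different service
        try:
            if not is_internal(m["src"]):
                hits[m["dst"]].add(m["src"])
        except ValueError:
            continue  # malformed address: skip rather than guess
    return {dst: sorted(srcs) for dst, srcs in hits.items()}

if __name__ == "__main__":
    for plc, sources in exposed_plcs(SAMPLE_LOG).items():
        print(f"{plc}: reachable on TCP {PLC_PORT} from {', '.join(sources)}")
```

Any address the function reports is a controller that accepted a connection from outside the site and should be moved behind the firewall or a VPN, in line with the advisory's guidance.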

Other countries are using PLCs from the same manufacturer, too. Infosecurity says the UK’s National Cyber Security Centre (NCSC) recently issued an update warning of the potential risk, but added that the risk was most likely “minimal, confined to small providers” and would probably not disrupt the country’s water supply.

Via Infosecurity Magazine
