A cyber attack on an Israeli-developed industrial control system by hackers connected to Iran has resulted in a number of critical infrastructure organisations across the US being breached.
According to a joint advisory released by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the US Environmental Protection Agency, and the Israel National Cyber Directorate, the hackers behind the attack go by the name “CyberAv3ngers” and are affiliated with the Iranian government’s Islamic Revolutionary Guard Corps (IRGC).
The Unitronics devices reportedly ship with default credentials, which experts say makes them increasingly vulnerable to cyber attacks. Experts also believe that the threat actor likely gained access through weaknesses such as default usernames and passwords.
"Since at least November 22, 2023, these IRGC-affiliated cyber actors have continued to compromise default credentials in Unitronics devices," said the advisory.
“The victims span multiple US states.”
The number of organisations affected is still unknown. According to research by The Times of Israel, there were 200 Unitronics devices connected to the internet in the US alone, and over 1,700 worldwide.
The hackers are reportedly targeting Unitronics Vision Series programmable logic controllers (PLCs), which are Israeli-made and used in critical infrastructure industries such as healthcare, energy and, as pointed out by the CISA, the Water and Wastewater Systems (WWS) Sector.
"These compromised devices were publicly exposed to the internet with default passwords," said the CISA.
Organisations affected by the breach reportedly had monitors and screens infiltrated to show the message, “You have been hacked, down with Israel. Every equipment ‘made in Israel’ is CyberAv3ngers legal target.”
The Aliquippa Municipal Water Authority said last week that it found it had been hacked on 25 November, and that it had been informed that the same threat actor had targeted a number of other utilities.
Following the hack, Aliquippa was forced to switch to manual operations, bringing pumping at a remote station that regulated local water pressure to a standstill.
Furthermore, three Pennsylvania-based congressmen wrote a letter to the US Justice Department asking it to investigate the cyber attack.
The letter, written by US senators John Fetterman and Bob Casey alongside US Representative Chris Deluzio, asked the Justice Department to ensure that the public can be sure that critical resources such as water and power are safe from “nation-state adversaries and terrorist organisations”.
On top of the US victims, CyberAv3ngers said that it had hacked 10 water treatment stations in Israel.