
Iranian cyber attack on Israeli tech leads to US critical infrastructure breaches across the country

A cyber attack on an Israeli-developed industrial control system by hackers connected to Iran has resulted in a number of critical infrastructure organisations across the US being breached.

Daniel Croft
Mon, 04 Dec 2023

According to a joint advisory released by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the US Environmental Protection Agency, and the Israel National Cyber Directorate, the hackers behind the attack go by the name “CyberAv3ngers” and are affiliated with the Iranian government’s Islamic Revolutionary Guard Corps (IRGC).

The Unitronics devices reportedly ship with default credentials, which experts say makes them increasingly vulnerable to cyber attacks. Experts also believe that the threat actor likely gained access by exploiting weaknesses such as default usernames and passwords.

"Since at least November 22, 2023, these IRGC-affiliated cyber actors have continued to compromise default credentials in Unitronics devices," said the advisory.


“The victims span multiple US states.”

The number of organisations affected is still unknown. According to research by The Times of Israel, there were 200 Unitronics devices connected to the internet in the US alone, and over 1,700 worldwide.

The hackers are reportedly targeting Unitronics Vision Series programmable logic controllers (PLCs), which are Israeli-made and used in critical infrastructure industries such as healthcare, energy and, as pointed out by the CISA, the Water and Wastewater Systems (WWS) Sector.

"These compromised devices were publicly exposed to the internet with default passwords," said the CISA.

Organisations affected by the breach reportedly had monitors and screens infiltrated to show the message, “You have been hacked, down with Israel. Every equipment ‘made in Israel’ is CyberAv3ngers legal target.”

The Aliquippa Municipal Water Authority said last week that it found it had been hacked on 25 November, saying it had been informed that the same threat actor had targeted a number of other utilities.

Following the hack, Aliquippa was forced to switch to manual operations, bringing pumping for a remote station that regulated local water pressure to a standstill.

Furthermore, three Pennsylvania-based congressmen wrote a letter to the US Justice Department requesting that it investigate the cyber attack.

The letter, written by US senators John Fetterman and Bob Casey alongside US Representative Chris Deluzio, asked the Justice Department to ensure that the public can be sure that critical resources such as water and power are safe from “nation-state adversaries and terrorist organisations”.

On top of the US victims, CyberAv3ngers said that it had hacked 10 water treatment stations in Israel.

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding of and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.
