You have4 free articles left this month.
Register for a free account to access unlimited free content.
You have 4 free articles left this month.
Register for a free account to access unlimited free content.
Powered by MOMENTUM MEDIA
lawyers weekly logo

Powered by MOMENTUMMEDIA

Breaking news and updates daily. Subscribe to our Newsletter
Advertisement

ACSC alert: Alarm raised over Unitronics PLC vulnerabilities

The Australian Cyber Security Centre has issued a high-status alert for Australian organisations that use Unitronics PLCs and have not undertaken necessary cyber security guarantees, following reports that threat actors have targeted Unitronics Vision Series PLCs since 22 November.

ACSC alert: Alarm raised over Unitronics PLC vulnerabilities
expand image

The alert issued by the ACSC follows news reports in early December alleging that Unitronics devices are shipped with default credentials, which experts say makes them vulnerable to cyber attacks.

“Threat actors have likely used default passwords to gain access to potentially critical systems and perform defacement, although the access they have obtained enables them to reconfigure the device,” the ACSC advisory warned.

“This example continues to highlight the risk of internet-exposed industrial control systems (ICS) and the access to potentially sensitive and critical systems they can provide.”

The ACSC has advised several steps, including:

  • Change all default passwords on PLCs and HMIs.
  • Disconnect the PLC from public-facing internet or filter access.
  • Implement multifactor authentications.
  • Make sure the PLCs are updated to the latest version.
  • Ensure PLC logic and configurations are backed up.

According to a joint advisory released by the FBI, The Cybersecurity and Infrastructure Security Agency (CISA), the US Environmental Protection Agency, and the Israel National Cyber Directorate, hackers linked with the Iranian Revolutionary Guard Corps targeted the Israeli-developed industrial control system, which resulted in a number of US organisations being breached.

“Since at least November 22, 2023, these IRGC-affiliated cyber actors have continued to compromise default credentials in Unitronics devices,” said the advisory.

“The victims span multiple US states.”

The number of organisations affected is still unknown. According to research by The Times of Israel, there were 200 Unitronics devices connected to the internet in the US alone and over 1,700 worldwide.

The hackers behind the attack go by the name “CyberAv3ngers”.

“These compromised devices were publicly exposed to the internet with default passwords,” said the CISA.

Organisations affected by the breach reportedly had monitors and screens infiltrated to show the message, “You have been hacked, down with Israel. Every equipment ‘made in Israel’ is CyberAv3ngers legal target.”

The Aliquippa Municipal Water Authority said last week that it found it had been hacked on 25 November, saying it had been informed that the same threat actor had targeted a number of other utilities.

Following the hack, Aliquippa was forced to switch to manual operations, bringing pumping for a remote station that regulated local water pressure to a standstill.

Furthermore, three Pennsylvania-based congressmen wrote a letter to the US Justice Department requesting it to investigate the cyber attack.

You need to be a member to post comments. Become a member for free today!

Comments (0)

Cyber Daily Comments
Attach images by dragging & dropping or by selecting them.
The maximum file size for uploads is MB. Only files are allowed.
 
The maximum number of 3 allowed files to upload has been reached. If you want to upload more files you have to delete one of the existing uploaded files first.
The maximum number of 3 allowed files to upload has been reached. If you want to upload more files you have to delete one of the existing uploaded files first.
Posting as

    newsletter
    cyber daily subscribe
    Be the first to hear the latest developments in the cyber industry.