The Australian Cyber Security Centre (ACSC) has issued a high-status alert for Australian organisations that use Unitronics PLCs and have not put the necessary cyber security safeguards in place, following reports that threat actors have targeted Unitronics Vision Series PLCs since 22 November.
The alert issued by the ACSC follows news reports in early December alleging that Unitronics devices are shipped with default credentials, which experts say makes them vulnerable to cyber attacks.
“Threat actors have likely used default passwords to gain access to potentially critical systems and perform defacement, although the access they have obtained enables them to reconfigure the device,” the ACSC advisory warned.
“This example continues to highlight the risk of internet-exposed industrial control systems (ICS) and the access to potentially sensitive and critical systems they can provide.”
The ACSC has advised several steps, including:
According to a joint advisory released by the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), the US Environmental Protection Agency, and the Israel National Cyber Directorate, hackers linked with the Iranian Revolutionary Guard Corps targeted the Israeli-developed industrial control system, resulting in breaches at a number of US organisations.
“Since at least November 22, 2023, these IRGC-affiliated cyber actors have continued to compromise default credentials in Unitronics devices,” said the advisory.
“The victims span multiple US states.”
The number of organisations affected is still unknown. According to research by The Times of Israel, there were 200 Unitronics devices connected to the internet in the US alone and over 1,700 worldwide.
The hackers behind the attack go by the name “CyberAv3ngers”.
“These compromised devices were publicly exposed to the internet with default passwords,” said CISA.
Organisations affected by the breach reportedly had monitors and screens infiltrated to show the message, “You have been hacked, down with Israel. Every equipment ‘made in Israel’ is CyberAv3ngers legal target.”
The Aliquippa Municipal Water Authority said last week that it found it had been hacked on 25 November and that it had been informed that the same threat actor had targeted a number of other utilities.
Following the hack, Aliquippa was forced to switch to manual operations, bringing pumping for a remote station that regulated local water pressure to a standstill.
Furthermore, three Pennsylvania-based congressmen wrote a letter to the US Justice Department asking it to investigate the cyber attack.