According to U.S. and Israeli authorities, numerous organizations in the United States were compromised by Iran-affiliated hackers who targeted an Israeli-made industrial control device. A small water authority in western Pennsylvania was among the many organizations compromised.
“The victims span multiple U.S. states,” according to an advisory emailed to The Associated Press late Friday by the FBI, the Environmental Protection Agency, the Cybersecurity and Infrastructure Security Agency (CISA), and Israel’s National Cyber Directorate.
The number of compromised organizations was not specified, and no other details were provided.
On Thursday, federal officials informed Matthew Mottes, chairman of the Municipal Water Authority of Aliquippa, which discovered it had been infiltrated on November 25, that the same group also compromised four other utilities and an aquarium.
Even though there is no evidence linking Iran to the October 7 attack on Israel by Hamas, which instigated the conflict in Gaza, cybersecurity experts anticipated that pro-Palestinian hacktivists and Iranian-backed hackers would intensify cyberattacks against Israel and its allies in the wake of the incident. Indeed, that has occurred.
The multiagency advisory provided information that CISA did not have when it confirmed the Pennsylvania breach on Wednesday: that vulnerable Vision Series programmable logic controllers manufactured by Unitronics are utilized in industries other than water and water treatment facilities.
These sectors include “energy, food and beverage manufacturing, and healthcare,” according to the advisory. The devices control various processes, such as fluid discharge, temperature, and pressure.
Crews were compelled to transition to manual operation after the Aliquippa hack prompted employees to temporarily cease pumping at a remote station that regulates water pressure for two neighboring towns. On the compromised device, the hackers left a digital calling card that stated “any Israeli-made equipment is a legal target.”
According to the multiagency advisory, it remained uncertain whether the hackers attempted to further infiltrate the compromised networks. The access they gained facilitated “more profound cyberphysical effects on processes and equipment,” according to the document.
The hackers, who identify as “Cyber Av3ngers,” are reportedly affiliated with Iran's Islamic Revolutionary Guards Corps, which the United States designated as a foreign terrorist organization in 2019. The group has reportedly been targeting Unitronics devices since at least November 22.
A search conducted on the Shodan search engine on Saturday uncovered over 200 such internet-connected devices in the United States and over 1,700 worldwide.
The advisory notes that Unitronics devices are shipped with a default password, a practice experts discourage because it increases susceptibility to malware. Established guidelines call for each device to have a unique initial password. It is assumed that the hackers accessed the compromised devices through “exploitation of cybersecurity vulnerabilities, such as inadequate password protection and internet connectivity.”
According to authorities, a considerable number of water utilities have neglected cybersecurity.
In response to the Aliquippa hack, three Pennsylvania congressmen asked the U.S. Justice Department in a letter to investigate. Americans must know their drinking water and other basic infrastructure is safe from “nation-state adversaries and terrorist organizations,” U.S. Sens. John Fetterman and Bob Casey and U.S. Rep. Chris Deluzio said.
Cyber Av3ngers claimed in an Oct. 30 social media post to have hacked 10 water treatment stations in Israel, though it is not clear if they shut down any equipment.
According to Sergey Shykevich of Check Point, the group has escalated and broadened its focus on Israeli critical infrastructure since the inception of the Israel-Hamas conflict. Before the events of October 7, Iran and Israel were involved in a low-level cyberconflict. The AP has not received a response from Unitronics regarding the breaches.
The attack occurred less than one month after a federal appeals court decision prompted the EPA to rescind a rule that would have required U.S. public water systems to conduct cybersecurity testing as part of their routine federally mandated audits. The reversal stemmed from a case filed by Missouri, Arkansas, and Iowa, with the support of a water utility trade group.
Ryan DeLarme is a disillusioned journalist navigating a labyrinth of political corruption, overreaching corporate influence, high finance, compromised media, and the planned destruction of our constitutional republic. He is also a Host and Founder at Vigilant News. His writing has been featured in American Thinker, Winter Watch, Underground Newswire, and Stillness in the Storm. He has also written scripts for television series featured on Rise.tv. Ryan enjoys gardening, creative writing, and fighting to SAVE AMERICA.