Vigilant News

Eternal Vigilance is the price of liberty.

Cyberwarfare

More Narrative Seeding? Ukraine’s Leading Mobile Provider Targeted by Severe Cyber Assault
This attack is the latest in a series of headlines regarding cyberwarfare

By ,

The largest mobile network operator in Ukraine was the target of what Reuters is calling the “largest cyber attack of the war with Russia so far” on Tuesday. Millions of users were unable to access mobile and internet services, and portions of the Kyiv region were also without air raid alert systems.

In addition to over 1.1 million residential internet subscribers, Kyivstar boasts a mobile subscriber base of 24.3 million, which exceeds half of the population of Ukraine.

Its CEO, Oleksandr Komarov, stated that the attack was “partially destroyed” and was “a consequence” of the conflict with Russia; he did not specify which Russian organization he believed to be responsible.

In short, nothing is yet confirmed but the imminent threat of what the World Economic Forum refers to as a “cyber storm” remains fresh in the minds of the individuals who consume this kind of news media.

“War is also happening in cyber-space. Unfortunately, we have been hit as a result of this war,” he told a national television broadcast.

Ukraine’s SBU intelligence agency informed Reuters that a cyberattack orchestrated by Russian security services was one of the possibilities under investigation.

In the Reuters article, it is stated that “Russia’s foreign ministry did not immediately respond to a request for comment.” It is unknown how much time was given for Russia to respond, only that they did not respond immediately.

“(The attack) significantly damaged (our) infrastructure, limited access, we could not counter it at the virtual level, so we shut down Kyivstar physically to limit the enemy’s access,” Komarov said.

An anonymous source that Reuters alleges is “close to Ukraine’s cyber defense” said that Russia was suspected to be the source of the attack, but no specific group had been identified.

Again, there is no solid proof that it was Russia.

This is our third story in two weeks regarding hackers or large-scale cyberattacks.

Related: Federal Agencies Report Breaches by Iranian Hackers, Numerous U.S. States Affected

Related: DOJ: Russian Hackers Employed a “Sophisticated Spear Phishing Campaign” Against Us Intelligence Officers

Federal Agencies Report Breaches by Iranian Hackers, Numerous U.S. States Affected

By ,

According to U.S. and Israeli authorities, numerous organizations in the United States were compromised by Iran-affiliated hackers who targeted an Israeli-made industrial control device. A minor water authority in western Pennsylvania was among the many organizations compromised.

“The victims span multiple U.S. states,” an advisory emailed to The Associated Press late Friday by the FBI, the Environmental Protection Agency, the Cybersecurity and Infrastructure Security Agency (CISA), and Israel’s National Cyber Directorate.

The number of compromised organizations was not specified, and no other details were provided.

Federal officials informed Matthew Mottes, chairman of the Municipal Water Authority of Aliquippa, which discovered it had been infiltrated on November 25, that the same group also compromised four other utilities and an aquarium, on Thursday.

Even though there is no evidence linking Iran to the October 7 attack on Israel by Hamas, which instigated the conflict in Gaza, cybersecurity experts anticipate that pro-Palestinian hacktivists and Iranian-backed hackers will intensify cyberattacks against Israel and its allies in the wake of the incident. Indeed, that has occurred.

The multiagency advisory provided information that CISA did not have when it confirmed the Pennsylvania breach on Wednesday: that vulnerable Vision Series programmable logic controllers manufactured by Unitronics are utilized in industries other than water and water treatment facilities.

These sectors include “energy, food and beverage manufacturing, and healthcare,” according to the advisory. The apparatus controls various processes, such as the discharge of fluids, temperature, and pressure.

Crews were compelled to transition to manual operation after the Aliquippa hack prompted employees to temporarily cease pumping at a remote station that regulates water pressure for two neighboring towns. On the compromised device, the hackers left a digital calling card that stated “any Israeli-made equipment is a legal target.”

According to the multiagency advisory, it remained uncertain whether the hackers attempted to further infiltrate the compromised networks. They were granted access that facilitated “more profound cyberphysical effects on processes and equipment,” according to the document.

The hackers, who identify as “Cyber Av3ngers,” are reportedly affiliated with the Islamic Revolutionary Guards Corps of Iran, a foreign terrorist organization designated by the United States in 2019. The group has reportedly been targeting Unitronics devices since at least November 22.

An online search conducted on the engine Shodan on Saturday uncovered over 200 internet-connected devices in the United States and over 1,700 worldwide.

The advisory notes that Unitronics devices are shipped with a default password, which is discouraged by experts due to the increased susceptibility to malware. In accordance with established guidelines, devices need to have an initial password that is distinct from the rest. It is assumed that the compromised devices were accessed by the hackers through “exploitation of cybersecurity vulnerabilities, such as inadequate password protection and internet connectivity.”

According to authorities, a considerable number of water utilities have neglected cybersecurity.

In response to the Aliquippa hack, three Pennsylvania congressmen asked the U.S. Justice Department in a letter to investigate. Americans must know their drinking water and other basic infrastructure is safe from “nation-state adversaries and terrorist organizations,” U.S. Sens. John Fetterman and Bob Casey and U.S. Rep. Chris Deluzio said. Cyber Av3ngers claimed in an Oct. 30 social media post to have hacked 10 water treatment stations in Israel, though it is not clear if they shut down any equipment.

According to Sergey Shykevich of Check Point, the organization has escalated and broadened its focus on Israeli critical infrastructure since the inception of the Israel-Hamas conflict. Before the events of October 7, Iran and Israel were involved in a low-level cyberconflict. The AP has not received a response from Unitronics regarding the breaches.

A federal appeals court decision prompted the EPA to rescind a rule that would have required U.S. public water systems to conduct cybersecurity testing as part of their routine federally mandated audits. The attack occurred less than one month later. A federal appeals court decision in a case filed by Missouri, Arkansas, and Iowa, with the support of a water utility trade group, instigated the reversal.