Iranian Hackers Go After US Water Utilities
Federal agencies have sounded the alarm over a scheme by a group of Iranian hackers that directly targets U.S. infrastructure such as water and wastewater systems. The group, known as Cyber Av3ngers, has been active for several years and has been directly linked to the Nov. 2023 attack against the Pennsylvania-based Municipal Water Authority of Aliquippa.
What Exactly are the Iranian Hackers Hoping to Accomplish?
Cyber Av3ngers has been actively targeting critical infrastructure in Israel since 2020, specifically Israeli-made Unitronics programmable logic controllers (PLCs), which are commonly used in the water and wastewater industry, as well as the energy, healthcare, and food and beverage manufacturing industries.
Since Nov. 2023, the group has expanded its radius to include U.S. infrastructure. In addition to the aforementioned Pennsylvania water authority, the Iranian hackers have launched attacks against other small water utilities as well as Mueller Water Products. Screens linked to the hacked systems display an image that says, “You have been hacked, down with Israel.” The group’s goal: to undermine the general public’s sense of security.
According to research from a company called Forescout, there are over 1,800 Unitronics PLC units currently online, dozens of which are in the U.S. Cyber experts recommend that companies or utilities using these PLCs take immediate action by updating default passwords, unplugging these devices from the public internet, and deploying multifactor authentication.
This is just another example of the degree to which all utilities are vulnerable to system hacking, and the threat is concerning because a large-scale attack would have a direct negative impact on service reliability. Luckily, the vast majority of utilities in the U.S. (and presumably the world) have a cybersecurity plan in place, but it’s not clear if this alone will offer enough protection in the future.
Whether it’s Chinese, Russian, or Iranian hackers, these malicious groups will continue to come out of the woodwork, increasing the magnitude of the threat and likely requiring more proactive prevention and mitigation steps from utilities in the future.