US CISA: Secure Israeli-Made Technology From Iranian Hackers'Cyber Av3ngers' Didn't Tamper With Water Safety, Says Cyber Agency
The U.S. Cybersecurity and Infrastructure Security Agency sees no evidence that Iranian hackers gained unauthorized access to American water system operational facilities after a Tehran threat actor attacked a small Pennsylvania municipal water authority for its use of Israeli-designed equipment.
Eric Goldstein, CISA executive assistant director of cybersecurity, told reporters Monday afternoon that the hackers are associated with the Iranian government's Islamic Revolutionary Guard Corps and "accessed multiple U.S.-based water and wastewater facilities" that use pressure-monitoring equipment developed by Unitronics, an Israeli technology firm.
While the attack sent the Municipal Water Authority of Aliquippa scrambling during the Thanksgiving holiday weekend and forced workers to temporarily shut down automated systems, officials said local water service and quality remained unaffected (see: Iranian Hacking Group Attacks Pennsylvania Water Authority).
The hacking group, known as "Cyber Av3ngers," managed to shut down a supply pump providing drinking water to multiple municipalities in Pennsylvania, including a town with nearly 3,000 residents. The chairman of the Aliquippa water authority said at the time that the group had failed to gain access to the water treatment plant itself because the Unitronics device was installed on an isolated computer system outside of the treatment facilities.
On Friday, CISA and the FBI - along with the NSA, the Environmental Protection Agency and the Israel National Cyber Directorate - released a joint cybersecurity advisory that urges water and wastewater facilities to ensure they are protected against IRGC-affiliated threat actors.
The agencies recommend that organizations across sectors that use Israeli-made programmable logic controllers implement multifactor authentication; use strong, unique passwords; and remove default passwords from their devices. The advisory says that Unitronics devices are used in a variety of industries, including healthcare and food, energy and beverage manufacturing.
The attack comes as the Israel-Hamas war continues to intensify. Israeli cybersecurity firm Check Point on Monday observed that Iranian hacktivist proxies - including Cyber Av3ngers - are expanding cyber operations beyond Israel to execute a "narrative of retaliation." In attacking American organizations using Israeli technology, the proxies are attempt "a dual retaliation strategy - claiming to target both Israel and the U.S. in a single, orchestrated cyber assault."
CISA continues to actively monitor threats against the U.S. government and its partners, as well as critical infrastructure sectors and private industry, from IRGC threat actors, Goldstein told reporters.