Iran-Linked Hackers Breach Pennsylvania Water Facility

U.S. officials are currently investigating a cybersecurity incident at the Municipal Water Authority of Aliquippa, Pennsylvania, following a breach by hackers linked to Iran’s Islamic Revolutionary Guard Corps. The group, known as the “Cyber Av3ngers,” successfully gained control of at least one device at a remote water station, highlighting the ongoing challenges of securing critical infrastructure against digital threats.

Details of the Breach

The breach occurred at a remote water station that regulates pressure for two townships, affecting a population of just over 7,000 people. Robert Bible, the general manager of the water authority, gave assurances that there was no threat to the availability of water. Once the hack was detected, the utility switched to manual operations to maintain control.

Eric Goldstein, the executive assistant director for cybersecurity at the Cybersecurity and Infrastructure Security Agency (CISA), stated that the agency is closely engaged with sector and interagency partners to understand and address this evolving situation.

The Cyber Av3ngers’ Activities

The Cyber Av3ngers have a history of making exaggerated and false claims about their hacking exploits. In this instance, their access was limited to a pump that regulates pressure; they did not reach the actual water treatment plant or other critical parts of the system. The booster station sent an alarm to operators, who then took manual control of the station.

Implications of the Incident

While the incident did not impact operations or services, the fact that Iranian-linked hackers could force a U.S. water utility to switch to manual operations due to an intrusion is significant. It underscores the challenges of protecting critical infrastructure entities against digital breaches.

Experts caution against overstating the significance of the incident, noting that the group responsible is not known for its sophistication and has a history of making false claims about the impacts of its operations.

Iran’s Cyber Campaign Against Israel

The Cyber Av3ngers are linked to a broader Iranian cyber campaign against Israel. They have carried out several attacks, including on an Israeli company called Unitronics, which supplies software used in water systems. One of their attacks resulted in the defacement of computer screens at the Municipal Water Authority of Aliquippa.

CISA’s Response

CISA has issued an alert responding to the active exploitation of Unitronics PLCs used in the water sector. The agency noted that the hackers exploited poor security practices at the Pennsylvania water facility, including exposing the Unitronics device to the internet and using weak passwords.

Conclusion: A Reminder of Cybersecurity Importance

This incident serves as a reminder of the potential targets of cyber attacks and the importance of implementing robust cybersecurity measures. It highlights the need for continuous vigilance and proactive defense strategies, especially for critical infrastructure sectors that are increasingly becoming targets of sophisticated cyber attacks.