Iranian Hackers Attack US Water Supplies

Uploaded on 2024-04-15 in NEWS-Cybersecurity News, INTELLIGENCE-Hot Spots-Iran, FREE TO VIEW, BUSINESS-Production-Utilities, TECHNOLOGY--Hackers

A White House national security official has said recent cyber attacks by Iranian hackers on US water authorities should be seen as a call to action by utilities and industry to tighten cyber security.

Now, the US government is warning state governors that Iranian hackers are carrying out disruptive cyber attacks against water and sewage systems throughout the country, as a result if rising tensions in the Middle East.

The US national security adviser Jake Sullivan, has warned state governors and asked them to be  alert for potential cyber attacks on States critical infrastructure systems. The warning letter which was released last month was co-authored by Michael Regan, the head of the US Environmental Protection Agency. 

This warning comes after Islamic Revolutionary Guard Corps (IRGC), were attributed responsibility for cyber attacks against critical US infrastructure, including drinking water systems. The IRGC affiliated hackers were able to target and disable a common type of operational technology used at water facilities where the facility had neglected to change a default manufacturer password.

Sullivan and Regan refer to ongoing threats from hackers linked to the governments of Iran and China and warned hackers associated with both states have previously attacked water systems. Their intention is to warn to organisations operating critical utilities and that in many cases their facilities lack the personnel and technical resources to address the threat or implement robust cyber security mechanisms.  

The US has imposed sanctions on six officials in IRGC, which it says are responsible for the cyber-attacks on American water plants in 2023. Hackers related to the Iranian regime attacked Israeli-made digital controls in the water industries in the US last November, affecting several states without affecting water supply.

Water facilities in the US have long been an easy target for cyber attacks due to the critical underfunding, low staffing levels, and a general lack of cyber security. 

The US Government has previously said that the burden of responsibility for cyber security should be shifted onto private enterprises, that are best positioned to reduce the risks for small businesses and public institutions.

Telegraph     |     BBC     |     Oodaloop     |     CBS News     |     Iran International   | Reuters     |     Tech Radar    |

 Bloomberg    |      Image: Dan Meyers

 

You Might Also Read:

Attack On Israel’s Water Systems:

DIRECTORY OF SUPPLIERS - Critical Infrastructure Security:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« British Businesses Must Do More To Protect Themselves
Controlling The Use Of Cyber Weapons »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

DCL Search & Select

DCL Search & Select

DCL Search & Selection connect candidates to the best companies in the IT Security, Telco, UC, Outsourcing, ERP, Audit & Control markets.

Deltagon

Deltagon

Deltagon develops information security solutions to protect companies’ confidential information in e-communication and e-services.

Haltdos

Haltdos

Haltdos is an AI driven website protection service that secures websites against today's cyber threats.

Infosistem

Infosistem

Infosistem is a Croatian ICT company with extensive expertise and experience in enterprise and SMB ICT projects and solutions.

DarkLight

DarkLight

DarkLight is a cybersecurity platform that mimics human thinking at scale to build resiliency to Advanced Persistent Threats.

Huntress Labs

Huntress Labs

Huntress provides managed threat detection and response services to uncover and address malicious footholds that slip past your preventive defenses.

OnDefend

OnDefend

OnDefend delivers information security solutions that improve overall security posture, reduce risks and defend against continually evolving and persistent cyber adversaries.

NodeSource

NodeSource

NodeSource helps organizations run production-ready Node.js applications with greater visibility into resource usage and enhanced awareness around application performance and security.

Lightspin

Lightspin

Lightspin is a contextual cloud security platform that continuously visualizes, detects, prioritized, and prevents any threat to your cloud stack.

Charterhouse Voice & Data

Charterhouse Voice & Data

Charterhouse is your trusted technology partner - designing, provisioning and supporting the technology that underpins your operations including network security and data compliance.

FPG Technologies & Solutions

FPG Technologies & Solutions

FPG Technology is a technology solutions provider and systems integrator, specializing in delivering IT Consulting, IT Security, Cloud, Mobility, Infrastructure solutions and services.

Cloudsec Asia

Cloudsec Asia

Cloudsec Asia is Thailand's top-ranked cybersecurity consultant company. We offers security services to ensure that all your IT assets are reliable, accessible, and secure.

Cybecs Security Solutions

Cybecs Security Solutions

Cybecs was founded to address rapid technological advancement, changing business models, global privacy regulations, and increasing cyber threats for global organizations.

Chorus

Chorus

Chorus are a leading Managed Security Service Provider (MSSP), and member of the Microsoft Intelligent Security Association (MISA), with three Microsoft Advanced Specialisations in security.

CyberUpgrade

CyberUpgrade

CyberUpgrade is on a mission to empower executives to gain control over their organization’s cybersecurity.

Sandfly Security

Sandfly Security

Sandfly focuses on Linux security that is high performance, high stability, high compatibility, and low risk.