Iranian Hackers Attack US Water System

Iran-linked hackers  have exploited Israeli-made programmable logic controllers (PLCs) used in multiple water systems and other operational technology facilities across the US, according to US cyber security agencies. Iran has been linked with repeated attacks on Israeli water infrastructure.

A senior White House national security official has spoken about these recent cyber attacks by Iranian hackers on US water utilities and ransomware attacks on the healthcare industry, saying there should be stronger cyber security. 

Iranian hackers breached a Pennsylvanian water utility and this was just one of the operations cyber attacked in an apparent politically motivated attack. Municipal Water Authority of Aliquippa (MWAA) said it resorted to manual controls after hackers breached pressure monitoring equipment at one of their booster stations over Thanksgiving weekend.

The US Cybersecurity and Infrastructure Security Agency (CISA) has said that the hackers, known as "CyberAv3ngers," have been infiltrating video screens with the message "You have been hacked, down with Israel. Every equipment 'made in Israel' is CyberAv3ngers legal target." Anne Neuberger the Deputy National Security Adviser said  that recent attacks on a number of American organisations by the Iranian hacker group known as Cyber Av3ngers, though to be linked with the Iranian military.

The hackers said they were specifically targeting organisations that used programmable logic controllers made by the Israeli company Unitronics, commonly used by water and water treatment utilities.

The affected device monitors and regulates pressure for Raccoon and Potter townships in Beaver County. The attack did not affect water quality or availability. But the attacks do offer a renewed warning-call utility companies and operators of critical infrastructure are facing persistent and capable cyber attacks from hostile countries and criminals that are not going away.

 “Some pretty basic practices would have made a big difference there... We need to be locking our digital doors. There are significant criminal threats, as well as capable countries, but particularly criminal threats, that are costing our economy a lot.” according to Neuberger

The US government is increasingly  concerned about Iran attempting to aggravate the Israeli-Hamas conflict through the ise of proxy groups like CyberAv3ngers.

Neuberger said that this event emphasised the need to step up cyber security efforts and the most recent attack 
came after a federal appeals court decision in October prompted the Environmental Protection Agency to drop regulations that would have obliged US public water systems to include cyber security testing in their regular audits. 

Neuberger also noted recent criminal ransomware attacks that have devastated health care systems, arguing those attacks spotlight the need for government and industry to take steps to tighten cyber security.

A recent global study by the leading cyber security firm Sophos found that nearly two-thirds of health care organisations were hit by ransomware attacks in the year ending in March, double the rate from two years earlier but  slightly lower than 2022. 

CISA:    The Hill:     AP:     ArabNews:   CPO Magazine:     The Register:    NPR:     Sophos:

Image:  American Public Power Association 

You Might Also Read: 

Iran Fingered For Attack On Israeli Water Infrastructure:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

 


Cyber Security Intelligence: Captured Organised & Accessible


 

« Google Launches Its New AI Model - Gemini
EU Agrees Regulations For Artificial Intelligence »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Fuel Recruitment

Fuel Recruitment

Fuel Recruitment is a specialist recruitment company for the IT, Telecoms, Engineering, Consulting and Marketing industries.

Micron Technology

Micron Technology

Micron is a global leader in the semiconductor industry providing memory and secure storage devices for Networks, Mobile devices and IoT applications.

CQS (Certified Quality Systems)

CQS (Certified Quality Systems)

CQS is an organisation specialising in ISO assessment and certification, including ISO 27001, along with other management system standards.

Apicrypt

Apicrypt

Apicrypt enables secure communications between health professionals by using strong encryption technologies.

EG-CERT

EG-CERT

EG-CERT is the national Computer Emergency Response Team for Egypt.

LSEC

LSEC

LSEC is a global innovator and facilitator for the Cybersecurity industry. It is a non-profit membership organisation supporting further maturing the industry through its end users.

Digital Law

Digital Law

Digital Law is the only UK law firm to specialise solely in online, data and cyber law.

Red Sift

Red Sift

Red Sift is the only integrated cloud email and brand protection platform, supporting organizations to secure their communications.

GlobalPlatform

GlobalPlatform

GlobalPlatform’s specifications are highly regarded as the international standard for enabling digital services and devices to be trusted and securely managed throughout their lifecycle.

Zercurity

Zercurity

Zercurity is on a mission to build the ultimate cybersecurity operations platform for businesses. To help protect against a growing number of internal and external threats.

Polymer

Polymer

Polymer is a Data Governance & Privacy Platform for third party SaaS apps. A modern Data Loss Protection (DLP) approach to remove sensitive data exposure on collaboration tools in real-time.

VikingCloud

VikingCloud

VikingCloud (formerly Sysnet Global Solutions) offers organizations an integrated cybersecurity and compliance solution to make informed, predictive, and cost-effective risk mitigation and prevention

The PenTesting Company

The PenTesting Company

The PenTesting Company is owned and operated by offensive security professionals. Penetration Testing is essentially all we do.

KCS Group Europe

KCS Group Europe

KCS Group helps its clients to identify and deal with any risks, weaknesses and threats which could impact on the business financially or reputationally.

Confidencial

Confidencial

Confidencial is a provider of solutions that help organizations secure their most sensitive information, regardless if that information exists inside or is shared outside the organization.

NewEvol

NewEvol

Don’t React, Evolve! Outsmart threats with real-time AI-powered dynamic defense capability of NewEvol all-in-one cybersecurity platform.