Iranian Hackers Exploit PLCs to Attack US Water Authority

Nov 29, 2023NewsroomCyber ​​Attack / Hacking

The US Cybersecurity and Infrastructure Security Agency (CISA) revealed that it is responding to a cyber attack involving the active exploitation of Unitronics programmable logic controllers (PLCs) to target the Municipal Water Authority of Aliquippa in western Pennsylvania.

The attack has been attributed to an Iranian-backed hacktivist collective known as Cyber ​​Av3ngers.

“Cyber ​​threat actors targeted PLCs associated with (Water and Wastewater Systems) facilities, including an identified Unitronics PLC, at a US water facility,” the agency said. SAYS.

“In response, the water authority of the affected municipality quickly took the system offline and switched to manual operations—there was no known risk to drinking water or the municipal water supply.”

According to news reports cited by the Water Information Sharing & Analysis Center (WaterISAC), CyberAv3ngers allegedly seized control of the booster station that monitors and regulates pressure for Raccoon and Potter Townships.


With the use of PLCs in the WWS sector to monitor various stages and processes of water and waste treatment, disruptive attacks that attempt to compromise the integrity of such critical processes may have adverse effects. impact, which prevents WWS facilities from providing access to clean, potable water.

To mitigate such attacks, CISA recommends that organizations change the Unitronics PLC default password, implement multi-factor authentication (MFA), disconnect the PLC from the internet, back up the logic and configurations of any Unitronics PLCs to facilitate repair, and use. latest updates.

Cyber ​​Av3ngers have a history of targeting critical infrastructure sectors, claiming to have put as many as 10 water treatment stations in Israel. Last month, the group also assumed responsibility for a major cyber assault on Orpak Systems, a prominent provider of gas station solutions in the country.

“Every Equipment ‘Made In Israel’ Is Cyber ​​Av3ngers Legal Target,” the group claimed in a message posted on his Telegram channel on November 26, 2023.

Did you find this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

Leave a comment