According to federal agencies, hackers connected to Iran were responsible for breaches in several states across the United States.


According to authorities from both the United States and Israel, a water authority in western Pennsylvania was among several organizations that were hacked by a group linked to Iran. The hackers targeted a specific industrial control device because it was manufactured in Israel.

Multiple U.S. states were affected, according to an advisory sent to The Associated Press on Friday by the FBI, Environmental Protection Agency, Cybersecurity and Infrastructure Security Agency (CISA), and Israel’s National Cyber Directorate.

Neither the number of organizations that were hacked nor any other details about them were disclosed.

On November 25th, Matthew Mottes, the head of the Aliquippa Municipal Water Authority, announced that the authority had been hacked. He stated on Thursday that government officials informed him that the same group also hacked into four other utilities and an aquarium.

According to cybersecurity analysts, there is no proof of Iranian participation in the October 7th attack on Israel by Hamas, which sparked the Gaza war. However, they predicted that Iranian government-supported hackers and pro-Palestinian activists would increase their cyberattacks on Israel and its allies following the incident. This prediction has since come true.

The advisory from multiple agencies clarified information about the Pennsylvania hack, confirming that other industries, besides water and water-treatment facilities, also use the same equipment, specifically the Vision Series programmable logic controllers manufactured by Unitronics, and could also be at risk.

The advisory states that the industries affected are “energy, food and beverage manufacturing, and healthcare.” The devices are responsible for controlling various processes such as pressure, temperature, and fluid flow.

The Aliquippa hack prompted workers to temporarily halt pumping in a remote station that regulates water pressure for two nearby towns, leading crews to switch to manual operation. The hackers left a digital calling card on the compromised device saying all Israeli-made equipment is “a legal target.”

The advisory from multiple agencies stated that it was unclear if the hackers attempted to gain further access into compromised networks. However, the access they did obtain allowed for more significant impacts on processes and equipment through cyber attacks.

According to the advisory, the group known as “Cyber Av3ngers” is linked to Iran’s Islamic Revolutionary Guards Corps, which was labeled as a foreign terrorist organization by the U.S. in 2019. The Unitronics devices have been under attack by this group since at least November 22.

A search on Saturday using the Shodan service found over 200 such internet-connected devices in the United States and over 1,700 globally.

The advisory states that Unitronics devices come with a preset password, a practice experts do not recommend because it increases the risk of being hacked. The recommended practice is for devices to require a customized password upon initial setup. The hackers most likely gained access to affected devices by exploiting cybersecurity weaknesses, such as weak password security and exposure to the internet.

According to experts, numerous water companies have not given enough consideration to protecting against cyber threats.

After the Aliquippa hack, three congressmen from Pennsylvania wrote a letter to the U.S. Justice Department requesting an investigation. Senators John Fetterman and Bob Casey, along with Representative Chris Deluzio, stated that it is important for Americans to feel confident in the safety of their drinking water and basic infrastructure, especially with regard to potential threats from nations or terrorist organizations.

A group called Cyber Av3ngers claimed on October 30th via social media that they had hacked into 10 water treatment stations in Israel, though it has not been confirmed if any equipment was affected.

According to Sergey Shykevich of Check Point, the Israel-Hamas conflict has led to an increase in the targeting and speed of attacks on important Israeli infrastructure. Prior to October 7th, there had been ongoing cyberconflict between Iran and Israel. The AP has reached out to Unitronics for comment on the hacks, but has not received a response.

The attack occurred within a month of a federal appeals court ruling that led the EPA to revoke a regulation that would have required American public water systems to conduct cybersecurity evaluations as part of their routine federally mandated audits. The ruling came in a lawsuit filed by Missouri, Arkansas, and Iowa, with support from a trade organization for water utilities.

The current administration under President Biden has been working to strengthen the protection of critical infrastructure, which is mostly owned by private entities. This includes implementing regulations for industries such as electric utilities, gas pipelines, and nuclear facilities. However, some experts argue that there are still too many vital industries that are allowed to regulate themselves.

Source: wral.com