Iranian Hackers Exploit PLCs in Attack on Water Authority in U.S.

Cyber Security Threat Summary:
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is responding to a cyber attack on the Municipal Water Authority of Aliquippa, Pennsylvania. The attack involved the exploitation of Unitronics programmable logic controllers (PLCs) and has been attributed to the Iranian-backed hacktivist group Cyber Av3ngers. The targeted PLCs are associated with Water and Wastewater Systems (WWS) facilities, specifically a Unitronics PLC at the water facility. The affected municipality's water authority took the system offline and switched to manual operations, ensuring no known risk to drinking water.

Security Officer Comments:
The hacktivist group Cyber Av3ngers, known for targeting critical infrastructure, allegedly seized control of a booster station regulating pressure for Raccoon and Potter Townships. Cyber Av3ngers previously claimed responsibility for infiltrating water treatment stations in Israel and a major cyber assault on Orpak Systems. The group's message on Telegram suggested a focus on Israeli-made equipment as legal targets.

Suggested Correction(s):
To mitigate such attacks, CISA recommends organizations change default passwords, enforce multi-factor authentication, disconnect PLCs from the internet, back up logic and configurations, and apply the latest updates.