In recent developments, the United States and Israel have jointly issued an advisory concerning alarming cyber activities, believed to be orchestrated by Iran, targeting key industries. These attacks, which potentially endanger water systems, energy sectors, and food industries in the U.S., are linked to hackers affiliated with the Islamic Revolutionary Guard Corps (IRGC).
These cyber intrusions have been primarily executed through compromising programmable logic controllers (PLCs) manufactured by Unitronics, an Israeli company specializing in automation technology. The IRGC-affiliated actors, operating under the moniker ‘CyberAv3ngers’, have been active since at least November 22, 2023. Their operations include leaving defiant messages such as “You have been hacked, down with Israel” on compromised devices.
Pro #gaza Iran backed cyber terrorists threaten U.S. water, "You have been hacked, down with Israel. equipment 'made in Israel' is CyberAv3ngers target "#TheWestlsNext #IsraelFightsTerror #americhttps://t.co/Nrhx3vx5Ek— Grilled Cheese (@de_grilled) December 3, 2023
The alert issued by American and Israeli security agencies emphasizes the severity of these cyber attacks. The FBI, Cybersecurity & Infrastructure Security Agency (CISA), National Security Agency (NSA), Environmental Protection Agency (EPA), and Israel's National Cyber Directorate (INCD) have all contributed to this advisory. It details how these IRGC-affiliated cyber actors have exploited vulnerabilities in Unitronics devices, particularly by manipulating default credentials.
The impact of these cyber attacks is already evident across several states in the U.S., with critical infrastructure entities being the primary targets. The advisory urges these organizations to adopt specific recommendations to mitigate the risks posed by these cyber threats.
One notable instance of these attacks was the recent breach at the Municipal Water Authority of Aliquippa in Pennsylvania. The CyberAv3ngers claimed responsibility for this attack, during which they partially seized control of the system regulating water pressure through Unitronics' technology. However, swift action by the Water Authority’s personnel prevented any significant disruptions.
Furthermore, the joint statement indicates that CyberAv3ngers has been targeting Israeli infrastructure sectors since 2020, focusing on water, energy, shipping, and distribution sectors. Their attention has recently shifted to American facilities utilizing Israeli technology, with a particular focus on PLC devices due to their remote internet connectivity.
Despite the CyberAv3ngers' frequent claims of responsibility for their attacks on various platforms, including Telegram, not all these claims have been substantiated. For instance, their alleged attack on over 50 servers and security systems in Israel on October 18, 2023, was largely disproven.
Authorities warn of the likelihood of continued targeting of U.S.-based facilities by CyberAv3ngers. While the attacks so far have not caused significant damage or disruptions, there is an underlying concern about their potential to infiltrate deeper into control networks. FBI Director Christopher Wray, in his recent testimony before the Senate, cautioned that Iranian cyber attacks against U.S. critical infrastructure are expected to escalate amid ongoing tensions between Israel and Hamas.