In a recent turn of events, the Cybersecurity and Infrastructure Security Agency (CISA) issued a significant advisory highlighting malicious cyber activities orchestrated by an Iranian cyber group targeting various United States facilities.
This advisory, posted on December 1, sheds light on how the cyber group known as “CyberAv3ngers” has targeted Israeli-made systems to compromise operational technology devices in critical infrastructure sectors.
CISA, along with several other federal agencies, including the Federal Bureau of Investigation (FBI), National Security Agency (NSA), Environmental Protection Agency (EPA), and Israel National Cyber Directorate (INCD), jointly released a cybersecurity advisory to caution organizations about continued malicious cyber activities by Iranian Government Islamic Revolutionary Guard Corps (IRGC)-affiliated Advanced Persistent Threat (APT) cyber actors.
The Targeted Infrastructure: Vulnerabilities in Operational Technology
The primary focus of these cyber attacks revolves around targeting Unitronics Vision Series programmable logic controllers (PLCs), commonly employed in critical sectors such as water and wastewater systems, healthcare, manufacturing, energy, and food and beverage industries.
These PLCs serve as integral components in managing operational functions, yet their exposure to the internet makes them susceptible to cyber infiltrations.
🚨Iranian hackers target U.S. water facilities
Cyber threat actors affiliated with Iran’s Islamic Revolutionary Guard Corps (IRGC) are actively exploiting vulnerabilities in multiple sectors—including water + wastewater facilities.
The CyberAv3ngers, linked to the IRGC, have exploited vulnerabilities in these Israeli-made systems, compromising default credentials to gain unauthorized access.
Upon infiltration, these hackers have defaced the controllers’ user interface, displaying messages condemning Israel while declaring every ‘made in Israel’ equipment as a legitimate target.
“You have been hacked, down with Israel. Every equipment ‘made in Israel’ is CyberAv3ngers legal target,” the defacement image left by the IRGC-affiliated hackers read.
Incident Reports: Impact and Concerns
Instances of these attacks have been documented across multiple states since November, with reports confirming breaches in “less than 10” domestic water facilities, a source told CNN.
Although the attacks have not resulted in disruptions or posed threats to drinking water, the ease with which they were executed raises concerns among US officials.
IRGC’s Involvement
Federal agencies attribute these cyber intrusions to IRGC-affiliated actors, signaling the IRGC’s involvement in cyber warfare.
The IRGC, a branch of the Iranian military designated as a foreign terrorist organization by the US State Department, maintains an external operations force known as the IRGC-Qods Force (IRGC-QF), responsible for covert and terrorist operations beyond Iran’s borders.
The tactics employed by the IRGC-QF extend to targeting US, Israeli, Saudi, and UAE interests, demonstrating their capability to conduct covert and lethal activities globally.
These actions align with Iran’s strategic use of terrorism to assert influence, support allies, and project power within the Middle East region.
Urgent Need for Protection
Moreover, the recent cyberattacks on US water facilities have brought attention to the vulnerabilities within critical infrastructure.
Hackers targeted internet-connected devices with default passwords, highlighting the urgent need for enhanced cybersecurity measures, particularly securing industrial equipment linked to essential services.
Mitigation Efforts: Collaboration and Recommendations
In response to these cyber threats, federal agencies, private experts, and industry executives have mobilized efforts to mitigate risks.
The focus remains on urging organizations, especially critical infrastructure entities, to implement the recommended security measures outlined in the advisory.
This includes removing industrial equipment from public internet exposure, changing default credentials, and enhancing network security protocols.
The implications of these attacks extend beyond technological vulnerabilities; they underscore the evolving landscape of cyber threats on critical infrastructure.
The potential for cyber intrusions to disrupt essential services necessitates a proactive approach to cybersecurity, emphasizing collaboration between government agencies, private sectors, and local officials.
The agencies have observed the IRGC-affiliated activity since at least October 2023, when the actors claimed credit for the cyberattacks against Israeli PLCs on Telegram.
Since 1 November, the IRGC-affiliated actors have targeted multiple U.S.-based facilities.
The recent advisory serves as a stark reminder of the evolving nature of cyber warfare and the critical importance of bolstering defenses against such threats.
The responsibility to safeguard critical infrastructure against cyber intrusions lies not only with federal agencies but also with local authorities and industry stakeholders.
Rep. Chris Deluzio, a Democrat whose district includes the Aliquippa water authority, told CNN on Friday he received a confidential briefing on the water hack this week but declined to elaborate.
“Our adversaries don’t care who runs critical infrastructure,” Deluzio said, adding, “If they can get in through the weakest link — and [if] that’s a small municipal authority or a private vendor — that’s what they’re going to target.”
The urgency to fortify defenses and stay vigilant against emerging cyber threats remains paramount to safeguarding national security and preserving the integrity of essential services.
Conclusion: Safeguarding Critical Infrastructure
In conclusion, the CISA advisory highlighting the Iranian cyber group’s attacks on US facilities using Israeli-made systems serves as a wake-up call for bolstering cybersecurity measures across critical infrastructure sectors.
The collaboration between various agencies and stakeholders signifies the collective effort required to defend against evolving cyber threats and safeguard national interests.
This advisory underscores the imperative for proactive cybersecurity measures, collaboration, and continuous vigilance in mitigating cyber risks to ensure the resilience and security of critical infrastructure in the United States.