Federal Agencies: Iran-Affiliated Hackers Breach Several U.S. States

Harrisburg, Pennsylvania: According to U.S. and Israeli authorities, several American business firms were compromised by Iran-affiliated hackers who targeted an Israeli-made industrial control device. Among the victims was a small water authority in western Pennsylvania. The FBI, EPA, CISA, and Israel’s National Cyber Directorate stated in an advisory to The Associated Press late Friday that “the victims span multiple U.S. states”.

They did not specify the number of hacked organizations or provide additional information. Matthew Mottes, the head of the Municipal Water Authority of Aliquippa, said on Thursday that he had received information from federal officials. They confirmed the same group's involvement in compromising an aquarium and four other utilities since its discovery on November 25.

Although there is no proof that Iran was involved in the October 7 attack on Israel by Hamas, cybersecurity professionals predicted that pro-Palestinian hacktivists and state-sponsored Iranian hackers would step up their cyberattacks against Israel and its allies. The multiagency advisory provided additional details that CISA had omitted when confirming the Pennsylvania hack. It highlighted the use of Unitronics’ Vision Series programmable logic controllers (PLCs) in sectors well beyond water treatment facilities, presenting potential vulnerabilities.

According to the advisory, these sectors include “energy, food and beverage manufacturing, and healthcare.” The devices control temperature, pressure, and fluid flow, among other functions. The Aliquippa hack prompted workers at a remote station that controls water pressure for two neighboring towns to temporarily stop pumping, forcing crews to switch to manual operation.

The hackers left a digital calling card on the compromised device declaring all equipment manufactured in Israel “a legal target.” According to the multiagency advisory, it was unknown whether the hackers had attempted to penetrate further into the compromised networks. The advisory said the access they did have allowed for “more profound cyber physical effects on processes and equipment.”

According to the advisory, the hackers, who go by the name “Cyber Av3ngers,” are connected to Iran's Islamic Revolutionary Guards Corps, which the United States classified as a foreign terrorist group in 2019. The hacking group claimed to have been targeting the Unitronics devices since at least November 22, 2023.

An online search using the Shodan service turned up more than 200 of these internet-connected devices in the United States. According to the advisory, Unitronics devices are pre-configured with a default password. Experts advise against this practice because it makes the devices more susceptible to hacking. According to best practices, devices should require users to set a unique password right away.

According to the advisory, “exploiting cybersecurity weaknesses, exposure to the internet,” is most likely how the hackers gained access to the affected computers. Many water utilities, according to experts, have not given cybersecurity enough attention.

Three members of Congress from Pennsylvania wrote to the U.S. Justice Department requesting an investigation into the Aliquippa hack. Sens. Bob Casey and John Fetterman, along with U.S. Representative Chris Deluzio, stated that citizens need to know that “nation-state adversaries and terrorist organizations” cannot harm their drinking water or other essential infrastructure.

In a social media post on October 30, Cyber Av3ngers stated that they had breached ten water treatment facilities in Israel; however, it is unclear whether any equipment was disabled. According to Sergey Shykevich of Check Point, the group has expanded and intensified its targeting of Israeli critical infrastructure since the start of the Israel-Hamas conflict. Before October 7, there was a low-level cyber conflict between Iran and Israel.