Multiple federal agencies are warning that Iran-linked hackers have been targeting U.S. water systems and other industries that use programmable-logic controllers (PLC) made by an Israeli firm Unitronics, as the Israel-Hamas war simmers in the background.

Hackers affiliated with the Islamic Revolutionary Guard Corps (IRGC) have engaged in “malicious cyber activity” targeting the PLC operational technology devices used in America’s water and wastewater systems sector, and in other industries including energy, food, and beverage manufacturing, since at least Nov. 22, the agencies said in a Dec. 1 alert.

The agencies that issued the warning include the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and the National Security Agency (NSA), with the Israel National Cyber Directorate (INCD) joining the U.S. agencies in the advisory.


Advertisement


This IRGC-linked cyberattack group (known variously as CyberAv3ngers, CyberAveng3rs, or Cyber Avengers) has been compromising default credentials in Unitronics devices since at least Nov. 22, the agencies said.

After hacking the PLC devices in multiple states, CyberAv3ngers left the following defacement message: “You have been hacked, down with Israel. Every equipment ‘made in Israel’ is CyberAv3ngers legal target.”

The cyber group has claimed responsibility for numerous attacks against critical infrastructure in Israel starting in 2020, and it has recently turned its attention to targets in the United States, a key ally of Israel as it battles the Hamas terror group following the Oct. 7 attacks against Israel.

One high-profile attack by CyberAv3ngers targeted a water authority near Pittsburgh last weekend, prompting congressional lawmakers to demand an investigation by the Department of Justice (DOJ) and triggering the latest multi-agency warning that other water and sewage-treatment utilities, and other industries, may be vulnerable.

The PLC devices regulate processes including pressure, temperature, and fluid flow, according to Unitronics. A cyberattack by the Iran-linked group on Nov. 25 targeted the Municipal Water Authority of Aliquippa, forcing the utility to switch to manual operations though officials said water quality was not compromised.

“The affected municipality’s water authority immediately took the system offline and switched to manual operations—there is no known risk to the municipality’s drinking water or water supply,” CISA said in a Nov. 28 notice. (READ MORE)