Cyber incident against a water authority in Pennsylvania (2023)
Jump to navigation
Jump to search
Date | November 25, 2023.[1] |
---|---|
Suspected actor | A hacktivist group known as ‘Cyber Av3ngers’ took credit for the attack.[2] The group was officially attributed to the Iranian Islamic Revolutionary Guard Corps (IRGC) by the United States.[3] |
Target | |
Target systems | A programmable logic controller (PLC), responsible for regulating water pressure, was targeted and disabled at one of the authority’s booster pump stations.[4] |
Method | The attackers took control of a PLC, a Unitronics Vision system, containing an integrated human-machine interface (HMI) which connected it to the internet.[4] Unitronics Vision products are known to sometimes contain vulnerabilities which allow hackers to insert malicious code,[5] which in this case allowed the attackers to compromise the device.[4] |
Purpose | Supposedly motivated by the ongoing Israel-Hamas conflict, Cyber Av3ngers claimed that the device was specifically targeted due to its manufacturer, Unitronics, being an Israeli company.[1] The screen of the compromised PLC displayed the message: “You have been hacked. Down with Israel. Every equipment[sic] ‘made in Israel’ is a Cyber Av3ngers legal target.”[2][6] The group has claimed responsibility for several cyber attacks against Israeli infrastructure,[2] though the veracity of their claims has been doubted.[3] |
Result | According to a representative of the water authority, the attack was quickly identified and the PLC was disabled, switching to manual operation. No harm was reported to local residents reliant on the water supply.[7] |
Aftermath | In response to the attack, the U.S. Department of the Treasury unveiled sanctions against six officials of the IRGC Cyber Electronic Command.[3] |
Analysed in | Scenario 29: Cyber operations against water and water infrastructure |
Collected by: Tom Davies
- ↑ 1.0 1.1 1.2 Whyy (PBS), ‘Cybersecurity at water utilities a national concern after Pa. water authority hacked’ (2 January 2024).
- ↑ 2.0 2.1 2.2 Cyberscoop, ‘Pennsylvania water facility hit by Iran-linked hackers’ (28 November 2023).
- ↑ 3.0 3.1 3.2 Waterworld, ‘Treasury sanctions Iranian actors behind Aliquippa water authority cyberattack’ (6 February 2024)
- ↑ 4.0 4.1 4.2 Securityweek, ‘Hackers Hijack Industrial Control System at US Water Utility’ (27 November 2023).
- ↑ Incibe, ‘Embedded malicious code vulnerability in Unitronics Vision1210’ (6 July 2023)
- ↑ ABC 15 News, ‘Fact Check Team: Iranian cyberattack poses threat to Pennsylvania water utilities’ (5 January 2024).
- ↑ Waterworld, ‘Aliquippa, Pennsylvania suffers cyberattack on booster station PLC’ (30 Nov 2023).