Cyber incident against a water authority in Pennsylvania (2023)

From International cyber law: interactive toolkit
Date: November 25, 2023.[1]
Suspected actor: A hacktivist group known as ‘Cyber Av3ngers’ took credit for the attack.[2] The group was officially attributed to the Iranian Islamic Revolutionary Guard Corps (IRGC) by the United States.[3]
Target:
Target systems: A programmable logic controller (PLC), responsible for regulating water pressure, was targeted and disabled at one of the authority’s booster pump stations.[4]
Method: The attackers took control of a PLC, a Unitronics Vision system, containing an integrated human-machine interface (HMI) which connected it to the internet.[4] Unitronics Vision products are known to sometimes contain vulnerabilities which allow hackers to insert malicious code,[5] which in this case allowed the attackers to compromise the device.[4]
Purpose: Supposedly motivated by the ongoing Israel-Hamas conflict, Cyber Av3ngers claimed that the device was specifically targeted due to its manufacturer, Unitronics, being an Israeli company.[1] The screen of the compromised PLC displayed the message: “You have been hacked. Down with Israel. Every equipment[sic] ‘made in Israel’ is a Cyber Av3ngers legal target.”[2][6] The group has claimed responsibility for several cyber attacks against Israeli infrastructure,[2] though the veracity of their claims has been doubted.[3]
Result: According to a representative of the water authority, the attack was quickly identified and the PLC was disabled, switching to manual operation. No harm was reported to local residents reliant on the water supply.[7]
Aftermath: In response to the attack, the U.S. Department of the Treasury unveiled sanctions against six officials of the IRGC Cyber Electronic Command.[3]
Analysed in: Scenario 29: Cyber operations against water and water infrastructure

Collected by: Tom Davies