Federal agencies are warning that Iran-affiliated hackers have targeted U.S. water systems that use materials made by Israeli firm Unitronics.
Numerous agencies, the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Environmental Protection Agency (EPA), and the Israel National Cyber Directorate (INCD), released a joint Cybersecurity Advisory (CSA) to discuss the “malicious cyber activity.”
“The IRGC is an Iranian military organization that the United States designated as a foreign terrorist organization in 2019. IRGC-affiliated cyber actors using the persona ‘CyberAv3ngers’ are actively targeting and compromising Israeli-made Unitronics Vision Series programmable logic controllers (PLCs),” the advisory reads.
The PLCs are often used in Water and Wastewater Systems (WWS) and in a variety of industries.
According to the advisory, the hackers left a message on the programs stating, “You have been hacked, down with Israel. Every equipment ‘made in Israel’ is CyberAv3ngers legal target.”
Several U.S. areas have been victims of the hack, including Aliquippa, Pennsylvania.
Matthew Mottes, the chairman of the Municipal Water Authority of Aliquippa, discovered the hack and was later informed that the Iran-linked group also breached four other utilities, according to the Associated Press.
Some members of Congress have called for an investigation into the cyberattacks.
Representative Chris Deluzio (D-PA) shared in a tweet, “Any attack on our critical infrastructure is unacceptable. It poses a threat not only to Western PA, but also the nation.”
In a letter sent to Attorney General Merrick Garland, Deluzio and Senators Bob Casey (D-PA) and John Fetterman (D-PA) wrote that the cyberattacks are “unacceptable.”
“If a hack like this can happen here in Western Pennsylvania, it can happen elsewhere in the United States. Folks in Pennsylvania and across the country deserve peace of mind that basic infrastructure such as their drinking water is safe from nation-state adversaries and terrorist organizations,” they wrote. “We know that nation-state adversaries are targeting the weakest link in America’s critical infrastructure. We must ensure that our state and local governments, along with private companies, have cyber-defenses strong enough to fend off attacks from sophisticated actors. In Congress, we are committed to pushing our federal government to help shore up our defenses across our critical infrastructure.”
