In a joint announcement on Friday, the FBI, the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency, the Environmental Protection Agency, and Israel's National Cyber System said they had identified Iran-linked cyber activity that poses a significant threat to critical infrastructure, particularly water facilities.
The cyberattacks, attributed to Iran's Revolutionary Guards, a U.S.-designated terrorist organization, have been targeting programmable logic controllers (PLCs) made by the Israeli company Unitronics. These controllers are widely used in computerized systems for various industries, including water, energy, food, health, and beverages. The group behind the attacks, known as CyberAv3ngers, specifically aims to sabotage vital infrastructure and has a track record of compromising Unitronics systems, including in agricultural irrigation in northern Israel earlier this year.
The hackers, who have been active since at least November 22, leave anti-Israel messages such as "You Have been hacked, Down with Israel" on the equipment they compromise. Although there have been no reported disruptions to water facilities or drinking water, U.S. authorities have expressed concern, noting that the attacks are easy to carry out.
CNN, citing anonymous federal government sources, reported that hackers targeted water infrastructure in Pennsylvania using the same Unitronics equipment. At least 10 water companies across the U.S. have reportedly fallen victim to these attacks, according to briefings given to Senate and House representatives.
The Aliquippa Water Authority, serving the Pittsburgh area, reported a recent breach by pro-Iranian hackers who infiltrated the equipment managing water pressure and displayed anti-Israel messages on computer screens. The water authority, which serves 15,000 customers, said that the incidents did not compromise water quality.
In response to the escalating threat, CISA, the FBI, private investigators, and senior water industry officials have issued warnings to water companies, urging them to disconnect their equipment from the internet to prevent further attacks. Federal investigators have been examining multiple breaches at water facilities across the U.S. since the Pennsylvania hack was reported. The Aliquippa Water Authority, one of the affected entities, has handed over compromised equipment to the FBI and is operating one of its pumping stations manually until the equipment can be replaced.
As tensions rise, concerns grow over the vulnerability of critical infrastructure to cyber threats, emphasizing the need for enhanced cybersecurity measures to safeguard global water supplies.