U.S. authorities say they are investigating an incident at a Pennsylvania water facility after hackers linked to Iran’s Islamic Revolutionary Guard Corps, a group with a history of making exaggerated and false claims about its hacking exploits, broke into equipment at a remote water station.
The hackers, who call themselves the “Cyber Avengers,” were able to take control of at least one device at the Aliquippa Water District in Pennsylvania. The hackers broke into a remote water station that regulates pressure in the town, which has a population of just over 7,000 people.
Robert Bible, general manager of the water authority, told the local publications that first broke the news that there was no threat to water availability and that the utility switched to manual operation after realizing the hack had occurred.
Eric Goldstein, executive assistant director for cybersecurity at the Cybersecurity and Infrastructure Security Agency, said in an emailed statement that the agency is “aware” of the breach and “understanding this evolving situation,” adding: “We are working closely with our departmental and interagency partners to provide the necessary support and guidance.”
Matthew Mottes, chairman of the board of directors of the Aliquippa City Water Board, told the Beaver Countian that the hackers had no access to “the actual water treatment plant or other parts of the system, other than the pumps that regulate pressure to higher points in the system.” Mottes said the booster station sent an alert to the operator, who then took manual control of the station.
While this incident does not appear to have affected operations or services, the fact that Iran-linked hackers could force a U.S. water utility into manual operation with a single intrusion highlights the challenges of protecting critical infrastructure utilities from digital breaches.
Nevertheless, experts caution against exaggerating the significance of the incident, because the groups believed to be involved are not known for their sophistication and have a history of making false claims about the impact of their activities.
In July, the group claimed to be behind an attack, but the targeted companies told Bleeping Computer that the claims were false. In September, the group claimed additional attacks on Israel’s rail infrastructure. Last month, the group claimed to have hacked Israel’s Dorad power facility, but that claim recycled a breach of the same facility announced in June 2022 by Moses Staff, a hacktivist persona that Microsoft has linked to the IRGC.
The group also has a verified account on X, the platform formerly known as Twitter, which appears to have been created in May 2011, although the account’s oldest post is from September 14, 2023. Iran-related campaigns are known for using hijacked Twitter accounts as part of their work.
A cyber threat analyst familiar with the group told CyberScoop that the Cyber Aveng3rs persona is “definitely IRGC.” The analyst, who was granted anonymity to speak freely about the group’s ties to the Revolutionary Guards, said the group has shown ties to Soldiers of Solomon, another IRGC-linked persona that has been active since the October 7 Hamas attack.
This operation fits a pattern of Iranian government-linked actors claiming large-scale hacking successes as part of messaging campaigns against Israel, despite evidence to the contrary.
“While there are many large-scale claims, the actual impact of any attack is modest,” the analyst said.
Analysts argued that by weakening Israel’s power, Iran aims to convince other countries that an alliance with Israel is fraught with risks. “This includes persistently performing minor network intrusions against critical infrastructure organizations that fail to implement basic security measures,” the analyst added.
Gil Messing, chief of staff at Israeli cybersecurity firm Check Point, said in an email Tuesday that the group is “linked to Iran’s cyber campaign against Israel” and has carried out multiple attacks, including the attack on Unitronics, an Israeli company that provides software used in water systems.
“As a result of this attack, one of our customers, the Aliquippa, Pennsylvania Water District, was reportedly cyberattacked, leading to computer screen tampering by this group,” Messing said.
The hackers appear to have accessed a Unitronics programmable logic controller and displayed an image similar to the one below, reading: “Defeat Israel. All ‘Made in Israel’ equipment is a legitimate target for cybercriminals.” Unitronics is a publicly traded company based in Israel.
“This group has some technical capabilities,” Messing added. “But generally speaking, it’s more or less what you see with other hacktivist groups, with a lot of exaggeration and, in some cases, outright fabrication of their accomplishments.”
Messing said that on October 23 the group solicited people to help with its attacks and provided the volunteers with the names of the victims it wanted to target. “As part of its modus operandi, the group appears to be focusing its hackers on exploiting known Microsoft Exchange vulnerabilities that it hopes will not be patched by its targets.”
The FBI declined to comment on the matter. The water authority and Pennsylvania’s chief information security officer did not respond to requests for comment.
Pennsylvania Democratic Rep. Chris Deluzio said in an emailed statement to CyberScoop that he was “relieved” there was no impact to services, but that “attacks on critical infrastructure are unacceptable.” Deluzio said federal authorities are investigating and that he expected “aggressive prosecution of the attackers by the federal government” in the case.
“This incident once again shows that we are all potential targets for cyberattacks,” said Jennifer Lynn Walker, director of infrastructure cyber defense at the Water Information Sharing and Analysis Center.
This incident occurred shortly after the Environmental Protection Agency shelved an effort to require cybersecurity audits of water utilities as part of sanitary surveys. The proposed regulation was panned by some experts, but it was a rare example of the government trying to force water utilities to devote more resources to security after decades of underinvestment in defending digital systems.
Following the EPA’s action, CISA recently announced free vulnerability scanning for water utilities.