Iranian-Backed Cyber Group Targets Municipal Water Authority in Pennsylvania

On Saturday, October 29, 2023, the Municipal Water Authority of Aliquippa (MWA) in western Pennsylvania fell victim to a cyber attack orchestrated by an Iranian-backed group known as CyberAv3ngers. The attack specifically targeted a remote booster station that serves two townships, but the MWA reassured residents that there was no known risk to the drinking water or water supply.

According to local news reports, CyberAv3ngers gained control of a Unitronics Vision Series PLC, a device used for monitoring and regulating pressure in Raccoon and Potter Townships. The attack triggered an alarm, prompting the MWA to swiftly take the system offline and switch to manual operation. CyberAv3ngers, an activist group that claims to focus on targeting Israeli water and energy sites, has previously taken responsibility for attacks on ten water treatment facilities in Israel.

While the motive behind the attack on the MWA remains unclear, it is speculated that the group may have been attempting to disrupt the U.S. water supply or convey a message to the Israeli government. In response, the Cybersecurity and Infrastructure Security Agency (CISA) has launched an investigation into the incident and issued an alert warning other water and wastewater facilities about the potential risks they may face.

CISA has provided a set of recommendations for organizations to safeguard their systems against similar attacks:

  • Change the default password of Unitronics PLCs.
  • Implement multifactor authentication for all remote access to the OT network.
  • Disconnect the PLC from the open internet.
  • Regularly back up the logic and configurations on any Unitronics PLCs.
  • Utilize a TCP port that differs from the default port TCP 20256.
  • Keep the PLC/HMI updated with the latest version provided by Unitronics.
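One way to check flow logs for two of these conditions, PLC traffic arriving from outside the management subnet and the default port still being in use, is sketched below. This is an added example, not code from CISA or the original article; the PLC addresses, subnets, CSV layout and flow records are constructed assumptions.

```python
import csv
import ipaddress

DEFAULT_PLC_PORT = 20256  # default Unitronics TCP port named in the recommendations

# Assumed site data, constructed for this example.
PLC_HOSTS = {ipaddress.ip_address("10.20.0.15"), ipaddress.ip_address("10.20.0.16")}
MGMT_NETS = [ipaddress.ip_network("10.20.1.0/24")]    # engineering workstations
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # the site's own address space

# Constructed flow records: timestamp, source, destination, destination port
SAMPLE_FLOWS = """\
2024-01-01T02:14:07Z,10.20.1.5,10.20.0.15,20256
2024-01-01T02:15:41Z,203.0.113.77,10.20.0.15,20256
2024-01-01T02:16:02Z,10.30.4.9,10.20.0.16,20257
2024-01-01T02:17:30Z,10.20.1.8,10.20.0.16,20257
2024-01-01T02:18:00Z,10.20.1.5,10.40.0.2,443
"""

def audit_flows(text):
    """Return (timestamp, src, dst, port, reasons) for PLC-bound flows needing review."""
    findings = []
    for row in csv.reader(text.splitlines()):
        try:
            ts = row[0]
            src = ipaddress.ip_address(row[1])
            dst = ipaddress.ip_address(row[2])
            port = int(row[3])
        except (IndexError, ValueError):
            continue  # skip malformed records
        if dst not in PLC_HOSTS:
            continue
        reasons = []
        if not any(src in net for net in MGMT_NETS):
            internal = any(src in net for net in INTERNAL_NETS)
            reasons.append("outside-mgmt-subnet" if internal else "external-source")
        if port == DEFAULT_PLC_PORT:
            reasons.append("default-port-in-use")
        if reasons:
            findings.append((ts, str(src), str(dst), port, reasons))
    return findings

if __name__ == "__main__":
    for finding in audit_flows(SAMPLE_FLOWS):
        print(*finding)
```

A flow from a management workstation on a non-default port produces no finding; every other PLC-bound flow is listed with the reason it needs review.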

This attack serves as a stark reminder of the increasing threat posed by cyberattacks on critical infrastructure. Water and wastewater facilities, in particular, are highly vulnerable due to their reliance on programmable logic controllers (PLCs) that are often connected to the internet. By following CISA’s recommendations and implementing additional security measures such as network segmentation and intrusion detection systems, organizations can fortify their systems against potential cyber threats.
