In a recent cybersecurity incident, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has disclosed an active cyber attack on the Municipal Water Authority of Aliquippa in western Pennsylvania. The attackers, identified as the Iranian-backed hacktivist group Cyber Av3ngers, exploited Unitronics programmable logic controllers (PLCs) in an attempt to compromise critical water infrastructure.
CISA stated, “Cyber threat actors are targeting PLCs associated with [Water and Wastewater Systems] facilities, including an identified Unitronics PLC, at a U.S. water facility.” The affected municipality responded promptly by taking the water system offline and transitioning to manual operations, ensuring no immediate risk to drinking water or water supply.
Reports from the Water Information Sharing and Analysis Center (WaterISAC) indicate that Cyber Av3ngers gained control of the booster station responsible for monitoring and regulating pressure in Raccoon and Potter Townships. The threat actors exploited a Unitronics Vision Series PLC with a Human Machine Interface (HMI), capitalizing on weak password security and the device’s public accessibility over the internet.
Given the potential consequences of disruptive attacks on water and wastewater systems, CISA recommends several preventive measures. Organizations are urged to change default passwords on Unitronics PLCs, implement multi-factor authentication (MFA), disconnect PLCs from the internet, regularly back up logic and configurations, and apply the latest updates to enhance security.
This incident follows Cyber Av3ngers’ history of targeting critical infrastructure, previously claiming infiltration of 10 water treatment stations in Israel. In a recent cyber assault, the group took responsibility for attacking Orpak Systems, a leading provider of gas station solutions in the country. Their message on November 26, 2023, proclaimed, “Every Equipment ‘Made In Israel’ Is Cyber Av3ngers Legal Target.”
