An incident in Pennsylvania is causing US cyber authorities to warn that hackers are trying to hijack access to water and wastewater treatment facilities in the country.
On Tuesday, the Cybersecurity and Infrastructure Security Agency (CISA) issued an alert about the threat after a suspected Iranian hacking group gained remote access to IT systems at a water provider in Aliquippa, Pennsylvania.
According to KDKA, the Municipal Water Authority of Aliquippa suffered a breach involving a water pump station that regulates the pressure for two local townships. The water authority appears to have traced the attack to the Iranian group Cyber Av3ngers, by citing a note the hackers left on the infected IT system: a terminal from Israel-based Unitronics.
In the note, the hacker wrote: “Down with Israel… Every equipment ‘made in Israel’ is Cyber Av3ngers legal target.”
It's not clear how the hackers hijacked the Unitronics terminal. But CISA is urging water suppliers that use Unitronics programmable logic controllers to be on guard for potential hacks.
In the case of Aliquippa, there’s “no known risk to the municipality’s drinking water or water supply” following the hack of the Unitronics terminal, the agency said. Nevertheless, Unitronics programmable logic controllers are often used to manage and monitor various water and wastewater treatment processes.
This can include “turning on and off pumps at a pump station to fill tanks and reservoirs, flow pacing chemicals to meet regulations, gathering compliance data for monthly regulation reports, and announcing critical alarms to operations,” CISA said. Hence, any attempt to hijack and disrupt the Unitronics systems could undermine a water facility’s ability to supply clean water or properly treat wastewater.
“The cyber threat actors likely accessed the affected device—a Unitronics Vision Series PLC with a Human Machine Interface (HMI)—by exploiting cybersecurity weaknesses, including poor password security and exposure to the internet,” the agency added.
In response, US cyber authorities are urging affected water suppliers to change the default “1111” password on Unitronics terminals and to implement multi-factor authentication on their networks.
So far, the Cyber Av3ngers have claimed on Twitter/X that they've already attacked 10 water treatment facilities in Israel by infiltrating their IT networks and wiping the data.
