The Municipal Water Authority of Aliquippa in western Pennsylvania was the target of a cyberattack involving the active exploitation of Unitronics programmable logic controllers (PLCs), according to the U.S. Cybersecurity and Infrastructure Security Agency (CISA).
The attack has been linked to Cyber Av3ngers, a hacktivist group supported by Iran.
“Cyber threat actors are targeting PLCs associated with [Water and Wastewater Systems] facilities, including an identified Unitronics PLC, at a U.S. water facility,” the government stated.
“In response, the affected municipality’s water authority immediately took the system offline and switched to manual operations—there is no known risk to the municipality’s drinking water or water supply.”
The booster station that monitors and controls pressure for Raccoon and Potter Townships is allegedly under the control of Cyber Av3ngers, according to news sources cited by the Water Information Sharing and Analysis Center (WaterISAC).
The affected device is a Unitronics Vision Series PLC with a Human Machine Interface (HMI), and the threat actors are believed to have gained access to it by taking advantage of its weak password security and its exposure to the public internet.
PLCs are used in the WWS sector to monitor various stages and processes of water and wastewater treatment. Disruptive attacks that aim to jeopardize the integrity of these critical processes could have adverse effects, preventing WWS facilities from providing access to clean, drinkable water.
To mitigate such attacks, CISA recommends that organizations change the Unitronics PLC default password, implement multi-factor authentication (MFA), disconnect the PLC from the internet, back up the logic and configurations on any Unitronics PLCs to facilitate quick recovery, and apply the most recent updates.
Cyber Av3ngers is no stranger to the critical infrastructure space; the group claims to have breached up to ten Israeli water treatment facilities. It also took credit for a significant cyberattack last month against Orpak Systems, a well-known national supplier of gas station solutions.
“Every Equipment ‘Made In Israel’ Is Cyber Av3ngers Legal Target,” the group asserted on November 26, 2023, in a statement posted on its Telegram channel.