Iranian hackers attempt to damage critical infrastructure through Israeli Unitronics products
According to a joint warning from American and Israeli cyber security agencies, since November 22, a group linked to the Iranian Revolutionary Guards has attacked devices made by Israeli company Unitronics, which are used to control and automate machines.
American and Israeli security agencies issued a joint warning about "malicious cyber activity" from Iran targeting water, energy, and food industries in the United States. The attacks were carried out by compromising products of Israeli company Unitronics, which develops and manufactures programmable logic controllers (PLCs) used in control and automation systems.
"Since at least November 22, 2023, these IRGC-affiliated cyber actors have continued to compromise default credentials in Unitronics devices," according to a cybersecurity advisory issued by the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), the Environmental Protection Agency (EPA), and Israel's National Cyber Directorate (INCD).
The cyber actors associated with the Revolutionary Guards left a defacement image stating, "You have been hacked, down with Israel. Every equipment ‘made in Israel’ is CyberAv3ngers legal target." According to authorities, several states across the US have already been affected by these attacks. The security agencies have urged all organizations, especially critical infrastructure entities, to implement their detailed recommendations to mitigate the risks posed by these cyber attacks.
The advisory comes after US authorities investigated multiple breaches suspected to have originated from a group called CyberAv3ngers, linked to Tehran, in recent days. Last week, the group claimed responsibility for an attack on the Municipal Water Authority of Aliquippa in Pennsylvania. According to Matthew Mottes, the chairman of the water authority, the hackers partially took control of the system regulating water pressure through Unitronics' technology. However, Mottes added that the system using Unitronics' computing component was quickly shut down after an alert was issued to employees about the threat, and teams maintained normal water pressure along the entire water line.
According to the joint statement, since at least 2020, CyberAv3ngers has been operating against critical infrastructure sectors in Israel, including water, energy, shipping, and distribution. They have only recently started to focus attacks on American facilities that utilize Israeli technology. Attacks have been specifically carried out on PLC devices because they are “often exposed to outside internet connectivity due to the remote nature of their control and monitoring functionalities.”
The group typically announces its attacks through its Telegram channels, although not all of its claims have been verified. For example, the joint statement notes that on October 18, 2023, the "Soldiers of Solomon" group affiliated with CyberAv3ngers claimed responsibility for cyber attacks on over 50 servers, security cameras, and smart city management systems in Israel. However, most of these claims were proven false.
It is likely that CyberAv3ngers will target additional US-based authorities. Despite the attacks not causing significant disruptions or meaningful damage, enforcement agencies explain that "It is not known if additional cyber activities deeper into these PLCs or related control networks and components were intended or achieved." Last week, FBI Director Christopher Wray testified before the Senate that Iranian cyber attacks against critical infrastructure in the United States are expected to "intensify" as the conflict between Israel and Hamas continues.