Executive Summary
The Iranian-backed group “Cyber Av3ngers” attacked critical infrastructure in the US. The cyberattack targeted a booster station with Israeli-owned components at Aliquippa’s Municipal Water Authority.
It was a politically motivated attempt to disrupt critical infrastructure. The attack affected the water supply to Raccoon and Potter townships, as well as security cameras on the compromised network.
Details of the Attack
The international hacking ring compromised a pump, triggering an alarming message on the control panel expressing anti-Israel sentiments.
Consequently, the system, which uses Unitronics equipment reported to contain components owned by Israel, shut down. This outage disrupted the water supply to Raccoon and Potter townships.
The following alarming message appeared on the control panel after the pump was disabled:
You have been hacked. Down with Israel. Every equipment ‘made in Israel’ is Cyber Av3ngers legal target.
The attack also impacted security cameras on the compromised network.
About the Attacking Group
“Cyber Av3ngers” is an Iranian-linked cyber guerilla group with a history of targeting critical infrastructure worldwide. Expressing support for Palestinians, the group operates with a political agenda. This is evident in its attacks on Israeli water plants and hardware.
Its past targets include water treatment facilities, oil and gas stations, and electricity infrastructure. The group is also known to exaggerate the impact of its attacks and to publish fake data.
Response
The Municipal Water Authority disabled the affected equipment and engaged backup methods to maintain water pressure. Since the compromised pump was on a separate network, impact to critical systems was limited.
Law enforcement agencies, including the FBI, Pennsylvania Department of Environmental Protection, and Pennsylvania State Police, were notified.
Although the attack immediately triggered an alarm, there are reportedly no identified risks to the drinking water or water supply. However, the facility is currently investigating the hardware for potential system-wide risks.
Closing Comments
This incident underscores the vulnerability of critical infrastructure to cyber threats, emphasising the need for robust cybersecurity measures.
The Iranian-backed group’s actions highlight the geopolitical dimension of cyber attacks on essential services, necessitating global cooperation to defend against such threats. Proactive defence strategies and collaboration with law enforcement are imperative to ensure the resilience of critical infrastructure.