Iran-linked cyberattacks threaten equipment used in U.S. water systems and factories

By Juliana Kim (NPR)
Dec. 3, 2023 5:26 p.m.
This photo provided by the Municipal Water Authority of Aliquippa shows the screen of a Unitronics device that was hacked in Aliquippa, Pa., on Nov. 25.


Municipal Water Authority of Aliquippa via AP

An Iran-linked hacking group is “actively targeting and compromising” multiple U.S. facilities for using an Israeli-made computer system, U.S. cybersecurity officials say.


The Cybersecurity and Infrastructure Security Agency (CISA) said on Friday that the hackers, known as "CyberAv3ngers," have been infiltrating video screens with the message "You have been hacked, down with Israel. Every equipment 'made in Israel' is CyberAv3ngers legal target."

The cyberattacks have spanned multiple states, CISA said. While the equipment in question, "Unitronics Vision Series programmable logic controllers," is predominately used in water and wastewater systems, companies in energy, food and beverage manufacturing, and health care are also under threat.

"These compromised devices were publicly exposed to the internet with default passwords," CISA said.


The agency did not specify how many organizations have been hacked, but on Friday CNN reported that "less than 10" water facilities around the U.S. had been affected.


CyberAv3ngers was behind the breach at a water authority outside of Pittsburgh on Nov. 25. The Aliquippa water authority was forced to temporarily disable the compromised machine, but reassured citizens that the drinking water is safe.

While it did not cause any major disruptions to the water supply, the incident revealed just how vulnerable the nation's critical infrastructure is to cyberattacks.

"If a hack like this can happen here in Western Pennsylvania, it can happen elsewhere in the United States," Sens. John Fetterman and Bob Casey, and Rep. Chris Deluzio, who all represent the state, wrote in a letter to Attorney General Merrick Garland on Tuesday. The lawmakers urged the Justice Department "to conduct a full investigation and hold those responsible accountable."


It also showed the scale and scope of Israel and Hamas' cyberwarfare. Alongside the fight on the ground, both sides of the conflict are armed with dozens of hacking groups that have been responsible for disrupting company operations, leaking sensitive information online and collecting user data to plan future attacks.

"We're now tracking over 150 such groups. And since you and I started to correspond, it was probably 20 or 30 or 40. So there's more groups, and more hacktivist groups are joining," Gil Messing, the chief of staff at the Israeli cybersecurity firm Check Point, told NPR.

In response to the cyber concerns, Israeli authorities recently gave themselves new emergency wartime powers, which allow the government to step in if a company that specifically deals with cloud storage and digital services gets hacked.

NPR's Jenna McLaughlin contributed reporting.

Copyright 2023 NPR. To see more, visit https://www.npr.org.
