Critical Alert: Cyber threats to the U.S. Water Sector

In an unprecedented joint alert, the FBI, CISA, NSA, EPA, and INCD warn of a significant cybersecurity threat targeting the water and wastewater sector. The Iranian Government Islamic Revolutionary Guard Corps (IRGC) is reportedly behind a surge in malicious activities, putting critical infrastructure at risk.

The IRGC-affiliated cyber group, “CyberAv3ngers,” has persistently targeted Unitronics Vision Series programmable logic controllers (PLCs). Their attacks extend beyond the water sector, impacting energy, manufacturing, and healthcare.

Since November 2023, CyberAv3ngers has exploited default credentials in Unitronics devices, leaving anti-Israel defacement messages. The affected organizations span multiple U.S. states, necessitating urgent action.

The alert advises organizations, especially those in critical infrastructure, to follow the provided mitigation recommendations promptly.

Originally known for attacks on Israeli facilities in 2020, CyberAv3ngers has shifted focus to the U.S. water sector. Their unauthorized access to Unitronics PLCs poses significant threats to plant operations and safety, demanding immediate evaluation and mitigation.

Over the last two months, CyberAv3ngers intensified attempts to target critical infrastructures in both Israel and the U.S., emphasizing the need for effective strategies against such attacks.

Dragos’ recent webinar, “Crossing the Rubicon: Hacktivist Intrusions Against Israeli-Made OT” (https://www.dragos.com/resource/crossing-the-rubicon-hacktivist-intrusions-against-israeli-made-ot-2/) outlines five methods to combat cyber threats on critical infrastructure: ICS Incident Response (IR) plans, defensible architecture, ICS network monitoring visibility, secure remote access, and risk-based vulnerability management.

SIGA’s Level – 0 technology aligns with Dragos’ recommendations, providing an inaccessible data source for secure incident response plans. It supports operations and cyber teams in determining the best course of action to mitigate threats, reinforcing visibility in the ICS network.

Given our strong dependence on critical infrastructures, prompt responses to rising threats are imperative. SIGA offers certainty and cutting-edge live information to empower operators and decision-makers in securing their operations and business resilience.