Published 17 Dec 2023

Critical Alert: Cyber threats to the U.S. Water Sector

In an unprecedented joint alert, the FBI, CISA, NSA, EPA, and INCD warn of a significant cybersecurity threat targeting the water and wastewater sector. The Iranian Government Islamic Revolutionary Guard Corps (IRGC) is reportedly behind a surge in malicious activities, putting critical infrastructure at risk.

The IRGC-affiliated cyber group, “CyberAv3ngers,” has persistently targeted Unitronics Vision Series programmable logic controllers (PLCs). Their attacks extend beyond the water sector, impacting energy, manufacturing, and healthcare.

Since November 2023, CyberAv3ngers has exploited default credentials in Unitronics devices, leaving anti-Israel defacement messages. The affected organizations span multiple U.S. states, necessitating urgent action.

The alert advises organizations, especially those in critical infrastructure, to follow the provided mitigation recommendations promptly.

Originally known for attacks on Israeli facilities in 2020, CyberAv3ngers has shifted focus to the U.S. water sector. Their unauthorized access to Unitronics PLCs poses significant threats to plant operations and safety, demanding immediate evaluation and mitigation.

Over the last two months, CyberAv3ngers intensified attempts to target critical infrastructures in both Israel and the U.S., emphasizing the need for effective strategies against such attacks.

Dragos’ recent webinar, “Crossing the Rubicon: Hacktivist Intrusions Against Israeli-Made OT,” outlines five methods to combat cyber threats on critical infrastructure: ICS Incident Response (IR) plans, defensible architecture, ICS network monitoring visibility, secure remote access, and risk-based vulnerability management.

SIGA’s Level-0 technology aligns with Dragos’ recommendations, providing an inaccessible data source for secure incident response plans. It supports operations and cyber teams in determining the best course of action to mitigate threats, reinforcing visibility in the ICS network.

Given our strong dependence on critical infrastructures, prompt responses to rising threats are imperative. SIGA offers certainty and cutting-edge live information to empower operators and decision-makers in securing their operations and business resilience.

