Iran-Linked Cyber Attacks Target Multiple U.S. States and Critical Infrastructure: What You Need to Know

Posted: December 7, 2023

Iran-Linked Breaches Impact Multiple U.S. States

The Federal Bureau of Investigation (FBI), Environmental Protection Agency (EPA), Cybersecurity and Infrastructure Security Agency (CISA), and Israel's National Cyber Directorate recently issued a joint advisory concerning numerous cybersecurity breaches orchestrated by hackers affiliated with Iran. These breaches have been detected in several U.S. states and targeted numerous well-established organizations nationwide.

However, the exact number of intrusions and the identities of the targeted organizations have yet to be revealed publicly. According to the federal bodies, these details are being withheld to protect the ongoing investigations into the breaches and mitigate potential risks. The agencies are coordinating efforts to reinforce cybersecurity, deter future attacks, and bring the perpetrators to justice.

Among the cybercrime cases reported, a significant breach occurred at a water authority service in Pennsylvania. Like many other organizations, the water authority was ill-prepared for such a sophisticated cyberattack, highlighting the potential threat these attacks pose to national infrastructure, including critical services such as water supply.

FBI, EPA, CISA, and Israel's National Cyber Directorate Issue Joint Advisory

The joint advisory from the FBI, EPA, CISA, and Israel's National Cyber Directorate is an unprecedented collaboration to address the cybersecurity threats posed by Iran-affiliated hackers. The advisory aims to raise awareness about the threats, share vital cybersecurity information among member organizations, and introduce concerted efforts to safeguard their cyber networks.

The advisory urges all organizations, especially those operating within critical infrastructure sectors, to increase their vigilance and improve cyber resilience. It also stresses the importance of addressing vulnerabilities, enhancing threat detection capabilities, and employing best security practices to deter any potential security breach.

Details of the Aliquippa Hack

The Municipal Water Authority of Aliquippa in western Pennsylvania discovered a significant cybersecurity breach on November 25. The attack was believed to be orchestrated by hackers with links to Iran, specifically targeting the Authority's Israeli-made industrial control device. The hack is one of several recent attacks that have struck key organizations across multiple U.S. states.

Federal Officials Reported Four Other Utilities and an Aquarium Were Also Breached

As alarming as the attack on the Aliquippa water authority was, it was not an isolated incident. Federal officials reported that alongside Aliquippa, four other utility facilities and an aquarium across different U.S. states were also breached by these Iran-affiliated hackers. This pattern of cyber intrusions pointed to a coordinated and targeted effort to undermine crucial sectors within the U.S., putting national security at risk.

Incident Leads to Temporary Halt of Pumping Station Operations

After discovering the breach, the Municipal Water Authority of Aliquippa took the prudent step of temporarily halting operations at the affected pumping station. This decision was made to prevent further unauthorized access or potential sabotage of the water supply. Concurrently, experts were called upon to examine the cyber intrusion, rectify the breach, and implement improved safeguards to protect against future attacks.

Recognition and Attribution of the Hackers

The actors behind the series of cyberattacks that impacted numerous organizations in the U.S. have been identified as a group called "Cyber Av3ngers." These hackers targeted the Municipal Water Authority of Aliquippa in Pennsylvania and also launched attacks on other utilities and an aquarium. U.S. authorities have linked the group to Iran's Islamic Revolutionary Guards Corps.

U.S. Authorities Link the Group to Iran's Islamic Revolutionary Guards Corps

The signature pattern and technique of the cyberattacks raised alarm among the U.S. authorities, who recognized a close resemblance to the tactics previously employed by Iran's Islamic Revolutionary Guards Corps. As such, U.S. authorities have linked the "Cyber Av3ngers" to this group, treating the assaults as serious threats to national security.

Advisory Reveals the Group Has Targeted Unitronics Devices Since at Least November 22

An advisory from federal agencies reveals that the hackers have specifically targeted Unitronics devices, Israeli-manufactured industrial control systems, since November 22. With the devices used extensively in various industries, the specific targeting raises concerns about the hackers' objectives and the potential harm such breached systems could bring to U.S. infrastructure and key sectors.

Hackers Exploiting Poor Password Security and Device Exposure to the Internet

The assaults carried out by the "Cyber Av3ngers" also revealed a focus on exploiting weak password security and undue exposure of the devices to the internet. The group capitalized on these vulnerabilities to gain unauthorized access to critical systems within the targeted organizations, manipulating and violating their networks and databases. This situation is a glaring reminder of the importance of robust cybersecurity measures and practices, particularly within the sectors dealing with crucial infrastructure.

Calls for Action and Responses

In response to the alarming cyberattacks orchestrated by the Iran-linked "Cyber Av3ngers," there have been stringent calls to action and immediate responses from various stakeholders. Agencies, experts, and the public have sought to address this growing menace and ensure appropriate measures are taken for future security.

Pennsylvania Congressmen Request U.S. Justice Department Investigation

Given the severity of the attacks, Pennsylvania congressmen have officially requested an investigation into the breaches by the U.S. Justice Department. The representatives call for a comprehensive examination of the cyberattacks to ascertain the hackers' motives, sources, and potential threats to U.S. security. It is hoped that this measure will establish a strong deterrent against future cybercrime.

Continuing Issues Concerning the Security Measures of Vital Industries

The cyberattacks have once again highlighted continuing issues regarding the cybersecurity of vital industries. Despite being crucial to the nation's operation and well-being, industries like water, energy, and transportation often have outdated or inadequate cybersecurity measures. These sectors have become prime targets for cybercriminals, necessitating comprehensive overhauls of their cybersecurity strategies.

Experts Warn that the Water Sector is Under-Resourced and Highly Vulnerable

The water industry, in particular, has been identified as under-resourced in the realm of cybersecurity. Experts have warned that the sector is highly vulnerable to hacking due to a lack of investment in modern security measures. This creates a significant risk for large-scale disruptions and potential public health crises.

In light of these cyberattacks and their potential risks, the public is increasingly seeking reassurance and guidance on how to protect themselves and their communities.