An Iran-based cyber group dubbed “CyberAv3ngers” recently launched a cyberattack campaign targeting Israeli-made devices, and last week the Aliquippa Municipal Water Authority was one of its first victims.

How a local municipality became a part of an international conflict

According to CBS News, on Saturday, November 25, one of the Pennsylvania municipality’s booster stations became part of an international conflict when an electronic water pressure gauge was breached by CyberAv3ngers. The group proceeded to halt the device’s operations and posted the following message on its screen:

“You Have Been Hacked. Down With Israel.
Every Equipment ‘Made In Israel’ is CyberAv3ngers Legal Target.”

Workers at the station responded immediately, shutting down the device and monitoring pressure manually so that customers were never without service. The device in question was made by Unitronics, an Israeli company that manufactures automatic industrial control devices, which is why it was targeted; how CyberAv3ngers learned of this particular device’s existence is unknown. The incident is now under investigation by both local and federal law enforcement.

From cybercrime to cyberwar

While the breach of the Aliquippa Municipal Water Authority systems may appear relatively insignificant, it is a sign of the increasing use of cybercrime as a war tactic. Matthew Mottes, chairman of the water authority, commented on the unique circumstances surrounding the attack and on how cybercrime has shifted in the last couple of decades:

“It’s not like it’s World War II where we had the mills and the big industry here when, understandably, we’d be a target from a foreign adversary… But oddly enough, [the attackers] found us.”

The U.S. government and the Israel National Cyber Directorate released a joint cybersecurity advisory on December 1 stating that additional organizations were also targeted in the attack, although no specific entities were named. However, it is known that the attacks were not limited to public agencies, as an aquarium and a Pittsburgh brewery also experienced system breaches. The advisory revealed that the Iranian military is likely the true actor behind the cyberattacks, and that businesses across sectors are potentially at risk:

“The IRGC is an Iranian military organization that the United States designated as a foreign terrorist organization in 2019. IRGC-affiliated cyber actors using the persona ‘CyberAv3ngers’ are actively targeting and compromising Israeli-made Unitronics Vision Series programmable logic controllers (PLCs). These PLCs are commonly used in the Water and Wastewater Systems (WWS) Sector and are additionally used in other industries including, but not limited to, energy, food and beverage manufacturing, and healthcare. The PLCs may be rebranded and appear as different manufacturers and companies.”

Cyberwarfare can impact governments and businesses alike, and as it continues to rise, experts warn that organizations need to be more vigilant than ever with their security.