November 27, 2023 at 07:06AM
Hackers took control of a booster station associated with the Municipal Water Authority of Aliquippa in Pennsylvania, but the water supply was not at risk. The compromised system was disabled after an alarm alerted the utility. An Iran-linked hacktivist group called Cyber Av3ngers claimed responsibility for the attack on an Israeli industrial control system made by Unitronics. HMIs, which are often accessible without authentication, are vulnerable targets for hackers. Hacktivist groups are drawn to ICS devices for the potential implications of their attacks. Pennsylvania State Police were notified, but it’s unclear if federal authorities are involved.
Summary:
– Hackers took control of a system associated with a booster station in Aliquippa, Pennsylvania, but there was no risk to the water supply.
– The compromised system was associated with a booster station that regulates water pressure.
– An alarm alerted the utility of the intrusion, and the system was disabled.
– The hacktivist group Cyber Av3ngers, claiming to be Iran-linked, took credit for the attack, targeting an industrial control system (ICS) made by Israeli company Unitronics.
– The hackers may have taken control of a Unitronics Vision system, which is a programmable logic controller (PLC) with a vulnerable human-machine interface (HMI).
– HMIs are often left exposed to the internet without authentication, making them an easy target.
– Cyber Av3ngers claims to have breached water treatment stations in Israel, but they have a history of exaggerating attacks.
– Hacktivist groups often target ICS to draw attention to their cause, even if they lack expertise in industrial systems.
– The incident was reported to the Pennsylvania State Police, but it is unclear if federal authorities are also involved.
– Cyberattacks on the water sector are common, and the US government agency CISA offers a free vulnerability scanning service for organizations in the sector.