December 8, 2023 at 04:49AM
US infrastructure may be compromised by Iran-linked attackers targeting PLCs, warns a coalition of US and Israeli agencies. The CyberAv3ngers group, believed to be connected to Iran’s IRGC, attacked a Pennsylvania water authority and may have accessed multiple facilities since November 22, exploiting poorly secured internet-connected devices.
Meeting Takeaways:
1. **Security Threat:** Critical infrastructure in various US states possibly compromised by Iran-linked attackers.
2. **Targeted Devices:** The attacks are specifically aimed at programmable logic controllers (PLCs).
3. **Recent Incident:** The FBI, CISA, NSA, EPA, and the Israel National Cyber Directorate issued a warning after detecting an attack on a Pennsylvania water authority.
4. **Threat Group:** The cyberattack was executed by a group called CyberAv3ngers. They hacked Unitronics Vision Series PLCs.
5. **Potential Motivation:** CyberAv3ngers, believed to be connected to the Iranian Government’s Islamic Revolutionary Guard Corps (IRGC), may be targeting Unitronics PLCs because the components are Israeli-owned.
6. **Scope of Issue:** The warning indicates that the threat extends beyond Pennsylvania, with attacks starting on Nov. 22 against US facilities using Unitronics PLCs, especially within the water and wastewater sectors.
7. **Method of Access:** Attackers have likely gained access through Internet-accessible devices that were secured with default passwords, and have had more than 10 days of access.
8. **Vulnerability Details:** The compromised devices, often connected to the internet for remote operation, are commonly found on TCP port 20256.
9. **Potential Risks:** If breached, PLCs can become inoperative, potentially shutting down operational technology that runs utilities and industrial controls.
10. **Current Intelligence Status:** It is unclear if the attackers have managed further penetration into the PLCs, and agencies are advising organizations with these controllers to assess their systems for vulnerabilities or breaches.
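As an added example (not part of the advisory or the original summary), one way to start the assessment in point 10 is to review perimeter logs for allowed Internet-origin connections to TCP port 20256 on or after Nov. 22. The log format, the internal address ranges, and all addresses in the sample are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network

PLC_PORT = 20256  # TCP port named in the summary above
WINDOW_START = datetime(2023, 11, 22, tzinfo=timezone.utc)  # attacks began Nov. 22
# Assumption: the site's own address space; anything else counts as Internet-origin.
INTERNAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed log format: "<ISO time> <action> TCP <src>:<sport> -> <dst>:<dport>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) TCP "
    r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

# Constructed sample log (documentation-range source addresses).
SAMPLE_LOG = """\
2023-11-20T09:00:01Z ALLOW TCP 198.51.100.7:40112 -> 10.20.0.15:20256
2023-11-25T03:14:07Z ALLOW TCP 203.0.113.45:51234 -> 10.20.0.15:20256
2023-11-25T03:14:09Z DENY TCP 203.0.113.45:51240 -> 10.20.0.16:20256
2023-11-26T11:30:00Z ALLOW TCP 10.20.0.50:49800 -> 10.20.0.15:20256
2023-11-27T22:05:41Z ALLOW TCP 203.0.113.45:51991 -> 10.20.0.15:20256
2023-11-28T08:00:00Z ALLOW TCP 198.51.100.7:40200 -> 10.20.0.15:443
malformed line
"""

def is_external(addr):
    """True when addr lies outside every configured internal network."""
    ip = ip_address(addr)
    return not any(ip in net for net in INTERNAL_NETS)

def external_plc_sessions(log_text):
    """Return {plc_ip: [(timestamp, source_ip), ...]} for allowed Internet-origin
    connections to PLC_PORT on or after WINDOW_START."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["action"] != "ALLOW" or int(m["dport"]) != PLC_PORT:
            continue  # skip malformed, blocked, or unrelated traffic
        ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
        if ts >= WINDOW_START and is_external(m["src"]):
            hits[m["dst"]].append((ts, m["src"]))
    return dict(hits)

if __name__ == "__main__":
    for plc, sessions in external_plc_sessions(SAMPLE_LOG).items():
        for ts, src in sessions:
            print(f"{ts.isoformat()} {src} -> {plc}:{PLC_PORT} allowed from outside")
```

Any controller that appears in the result was reachable from outside the site during the reported window and is a candidate for a default-password check and closer review.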