The Municipal Water Authority of Aliquippa in Pennsylvania confirmed that hackers took control of a system associated with a booster station over the weekend, but said there was no risk to the water supply.
The company provides water and sewer services to more than 6,600 customers in Aliquippa and portions of Hopewell, Raccoon and Potter Townships.
A representative of the water utility told KDKA-TV that the compromised system is associated with a booster station that monitors and regulates water pressure for Raccoon and Potter Townships.
An alarm quickly alerted the Aliquippa utility of the intrusion and the compromised system was disabled. The water facility’s representative said there was no known risk to the water supply or drinking water.
An Iran-linked hacktivist group calling itself Cyber Av3ngers has taken credit for the attack. The anti-Israel hackers appear to have targeted an industrial control system (ICS) made by Israeli company Unitronics.
An image posted by KDKA-TV suggests that the hackers took control of an Unitronics Vision system, which is a programmable logic controller (PLC) with an integrated human-machine interface (HMI). Unitronics Vision products have been known to be affected by critical vulnerabilities that could expose devices to attacks.
On the other hand, HMIs are often left exposed to the internet and are accessible without authentication, making them an easy target even for low-skilled threat actors.
The Cyber Av3ngers group claims to have breached the systems of many water treatment stations in Israel since the Israel-Hamas conflict escalated on October 7.
However, the hackers have been known to exaggerate the impact of their attacks and have even been found to publish fake data and claim it was stolen from a targeted organization.
Hacktivist groups often target ICS because they are well aware of the potential implications of hacking these types of devices and it helps them draw more attention to their cause.
In many cases, hacktivists don’t need to be industrial system experts in order to conduct attacks. Because HMIs are often left unprotected, hackers can easily access them and change parameters that could have a significant impact on physical processes.
The claims of such hacktivist groups are often exaggerated, but experts have warned that they should not be ignored.
KDKA-TV reported that Pennsylvania State Police were notified of the incident at the Aliquippa water utility, but it’s unclear if federal authorities have also gotten involved in the investigation.
Cyberattacks aimed at the water sector are not uncommon and there have been confirmed reports of attacks impacting ICS at water facilities. That is why the US government agency CISA recently started offering a free vulnerability scanning serviceto organizations in this sector.
Iran-Linked “Cyber Av3ngers” Hackers Compromise Control System at Pennsylvania Water Utility
Iran-Linked "Cyber Av3ngers" hackers compromised an industrial control system at the Municipal Water Authority of Aliquippa (MWAA) in Pennsylvania.
Russian Sandworm Hackers Target Ukraine’s Power Grid in Coordinated Cyber-Physical Attack
Russia’s Sandworm hackers disrupted power in Ukraine using a novel attack against operational technology (OT) coordinated with missile strikes.
Deep Dive: PIPEDREAM/Incontroller ICS Attack Framework
In this session, Mark Plemmons, Sr. Director for Threat Intelligence at Dragos, dives deep into the technical details and real-world impact on the modular ICS attack framework known as PIPEDREAM/Incontroller
Researchers Use IoT and IT to Deliver Ransomware Attack Against OT
Critical industries must prepare themselves for a new wave of ransomware attacks specifically targeting OT
Colonial Pipeline Still Mostly Offline After Ransomware Attack
The Colonial Pipeline is working on a restart plan after a ransomware attack triggered the company to halt all pipeline operations on May 7, 2021.
The Past & Future of Integrity Attacks in ICS Environments (Video)
Integrity-based attacks can produce significant impacts through undermining a physical process and calling into doubt the viability of a specific facility.
The Growing Threat of Drones
Drones are an increasing threat to industrial sites, enabling various attacks (cyber and physical) that historically were only possible in close proximity to a facility or device.
Side-Channel Attacks Put Critical Infrastructure at Risk
ICS Devices Vulnerable to Side-Channel Attacks: Researcher Shows (Eduard Kovacs - SecurityWeek) Side-channel attacks can pose a serious threat to industrial control systems (ICS), a researcher warned last month at SecurityWeek’s ICS Cyber Security Conference in Atlanta, GA. Demos Andreou, a lead engineer at power management company Eaton, has conducted an analysis of protection devices typically used in the energy sector, specifically in power distribution stations. Side-channel attacks can be used to extract data from a system based on information gained by observing
DHS Releases ICS-CERT 2016 Assessment Summary Report
By: Eduard Kovacs (SecurityWeek) - The assessments conducted by the U.S. Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) in 2016 showed that inadequate boundary protection has remained the most prevalent weakness in critical infrastructure organizations. ICS-CERT conducted 130 assessments in the fiscal year 2016, which is more than in any previous year. Monitor newsletters published by ICS-CERT this year show that it has already conducted 74 assessments in the first half of 2017. Assessments are offered to both government organizations and private sector companies
What Modular, Network-based ICS Threats Mean to Your Systems
By Cameron Camp, Security Researcher, ESET Industroyer, the recent complex malware targeting industrial control systems, offers attackers a modular complex way to attack systems like the power grid. What are the implications of this? For years, adversaries have been quietly testing the defenses of bulk critical infrastructure like gas and oil systems, hydroelectric dams and the power grid. In recent years, starting with Stuxnet in 2010, more focused attempts at directly manipulating industrial systems have started to gain prominence, including Industroyer, which