A water company that did not change the password of its equipment from the default "1111" was hacked by Iranian hackers



Since November 2023, a hacking group called "CyberAv3ngers" under Iran's Islamic Revolutionary Guard Corps (IRGC) has been hacking into American water facilities that use Israeli-made computer equipment. It has been reported that some water utilities were easily hacked because they had not changed the password for their equipment from the default setting of "1111".

IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including US Water and Wastewater Systems Facilities | CISA
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-335a



Iran-linked cyberattacks threaten US water, health care and energy sectors : NPR
https://www.npr.org/2023/12/02/1216735250/iran-linked-cyberattacks-israeli-equipment-water-plants

Officials: US water utilities hacked after leaving passwords set to
https://www.fastcompany.com/91002831/us-water-utilities-hacked-cybersecurity

The target of this hacking incident was a programmable logic controller (PLC), which is a device that controls the operation of large-scale equipment and machinery according to programs that specify sequences and conditions. This equipment is installed in various factories, infrastructure providers, buildings, entertainment facilities, etc., and requires extremely high levels of safety and stability.

According to the US Cybersecurity and Infrastructure Security Agency (CISA), CyberAv3ngers, a hacking group affiliated with the IRGC, has been actively hacking the Unitronics Vision series, an Israeli-made PLC, since November 2023. Unitronics Vision PLCs are commonly used in water and wastewater systems, as well as in energy facilities, food factories, and the healthcare industry.

'Infrastructure like PLCs is often forgotten, abandoned, or both, making them attractive targets for nation-states,' points out Gary Perkins, chief information security officer at cybersecurity firm CISO Global.

Across the United States, at least 11 businesses using Unitronics Vision PLCs are said to have been attacked by CyberAv3ngers, including six water utilities, as well as pharmacies, pools, and breweries. CyberAv3ngers displayed a message on the screen of the hacked device: "You have been hacked. All 'Made in Israel' equipment is a legitimate target of CyberAv3ngers."



Please note that at the time of writing, there have been no reported cases where CyberAv3ngers' hacking has affected important systems or caused confusion. Matthew Mottes, director of Aliquippa, Pennsylvania's Water District, which was victimized by the hack, said the agency disabled the affected systems after the attack, so there was no impact on water supply to local residents.

According to CISA, the PLC hacked by CyberAv3ngers was connected to the open Internet with the default password "1111", making it easy for hackers to access.

“Businesses and critical services face increasing cyber threats from malicious actors and nation-states,” said Anne Neuberger, deputy national security adviser for cyber security at the National Security Council. Neuberger says that changing passwords from the default is a low-cost measure, and urges companies and business entities to take action as soon as possible.



However, since much of the hardware such as PLCs was developed before the spread of the Internet, there are still cases where security management is inadequate. Additionally, since many vendors access the same equipment, there are cases where ease of operation is prioritized over security. Some companies have an 'air gap' that isolates important hardware from the Internet, but the equipment can still be infected with malware when a vendor employee connects a USB memory stick, so it is also important to protect systems with the latest security patches.

Andy Thompson, an expert at security software company CyberArk, points out that attacks on critical infrastructure have increased in recent years in connection with geopolitical tensions and global conflicts. These attacks are huge in number but technically immature, and although no serious damage has been reported at the time of writing, there is a possibility that a fatal situation may someday occur.

In 2021, an incident occurred in Oldsmar City, Florida, USA, in which the computer system that controls the water treatment system was hacked and the amount of sodium hydroxide contained in the water was changed to approximately 100 times the standard value. Fortunately, this incident did not pose a health threat to residents because the operator noticed something unusual, but hacking of critical infrastructure is a major threat.

It turns out that the water system was hacked and there was a risk of mass poisoning of citizens - GIGAZINE



Neuberger hopes that critical utilities will recognize that it is in their interest to 'lock the digital doors' and that manufacturers like Unitronics will build security into their products. '(The water system intrusion) was a fairly basic attack that could have been prevented if basic cybersecurity was in place,' Neuberger said.


in Security, Posted by log1h_ik