Iranian Hacking Group Attacks Pennsylvania Water Authority

The U.S. Cybersecurity and Infrastructure Security Agency is investigating a cyberattack from an Iranian hacking group known as “Cyber Av3ngers” that targeted a small municipal water authority in Pennsylvania over its use of Israeli-owned software, according to officials.

See Also: Live Webinar | Generative AI: Myths, Realities and Practical Use Cases

The Municipal Water Authority of Aliquippa confirmed it had been the subject of a breach Saturday that shut down a supply pump providing drinking water to multiple municipalities, including a town in the Pittsburgh metropolitan area with nearly 3,000 residents, according to U.S. Census data.

The water authority uses pressure-monitoring equipment developed by the Israeli technology company Unitronics. When the attack occurred, a small Unitronics device in the Pennsylvania facility flashed a bright red message that read: “You have been hacked. Down with Israel. Every equipment ‘made in Israel’ is Cyber Av3ngers legal target.”

The intrusion triggered alerts to the U.S. Department of Homeland Security and sent on-call municipal workers scrambling during the holiday weekend to shut down automated systems and conduct manual operations.

Robert Bible, a Pittsburgh-area water authority official, told media outlets that local water service was not disrupted and water quality remained unaffected from the incident.

The attack is one of a handful of known cyberattacks on American water systems. The Biden administration earlier this year attempted to use existing regulatory authorities to force water systems into evaluating their cybersecurity risk, but it backed off in the face of a court ruling staying the effort (see: US EPA Nixes Cybersecurity Assessments of Water Systems).

According to the cybersecurity firm Check Point Research, the threat group – which typically focuses on attacking Israeli targets by exploiting Microsoft Exchange vulnerabilities – launched a new campaign in October to recruit additional hackers as part of an effort to broaden its cyber operations.

Matthew Mottes, chairman of the Aliquippa water authority, told local news outlets the hackers had not gained access to the water treatment plant itself, since the Unitronics system is on a separate computer system separated from the primary network.

Rep. Chris Deluzio, D-Pa., called fora “full investigation and prosecution of the hackers” in a statement posted to the congressman’s Facebook page Tuesday, saying the incident had been “a terrible reminder that our adversaries are targeting our critical infrastructure.”

DHS and CISA did not immediately respond to requests for comment.