Iran-Backed Hackers Targeting US Facilities Through Israeli Tech
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory detailing the activities of an Iran-linked cyber group known as the "CyberAv3ngers," which is exploiting Israeli-made systems to target US facilities. The hackers are targeting Unitronics Vision Series programmable logic controllers (PLCs), commonly used in water and wastewater systems, as well as in the healthcare, manufacturing, energy, and food and beverage industries.
The CyberAv3ngers deface the PLCs' user interfaces during attacks, displaying a message asserting their actions against Israel. Incidents attributed to CyberAv3ngers have been reported in multiple states since November. While CISA has not disclosed the exact number of affected organizations, CNN reports suggest that fewer than 10 domestic water facilities have been impacted.
The CISA report highlights that the compromised PLC devices are often exposed to the internet due to their remote monitoring functionality and default credentials. The attackers' activities may render the PLCs inoperative, and their access could potentially lead to more severe cyber-physical effects on processes and equipment.
Authorities, including CISA, the FBI, the National Security Agency, the Environmental Protection Agency, and the Israel National Cyber Directorate, have been monitoring the CyberAv3ngers' activities since October 2023. The hackers claimed responsibility on Telegram for digital assaults against Israeli PLCs. The group is linked to the Iranian government's Islamic Revolutionary Guard Corps, which the US government designated as a foreign terrorist organization in 2019.