The Cybersecurity and Infrastructure Agency (CISA) has published an advisory on an Iranian cyber group using Israeli-made systems to attack US facilities.
Called the “CyberAv3ngers,” the hackers are known for “actively targeting and compromising” Unitronics Vision Series programmable logic controllers (PLCs) that are used as video screens to manage operations in the water and wastewater systems sector.
The capability is also used in industries related to healthcare, manufacturing, energy, and food and beverage.
During assaults, the criminals project a short message on the screens saying, “You have been hacked, down with Israel. Every equipment ‘made in Israel’ is CyberAv3ngers legal target.”
Instances of attacks from CyberAv3ngers have been documented across multiple states since November.
Although CISA has not released the number of incidents in targeted organizations, a report from CNN said that not more than 10 domestic water facilities have been impacted.
According to CISA’s report, PLC devices that are commonly infiltrated are “publicly exposed to the internet” due to their remote and monitoring functionality and activated through default credentials.
“The compromise is centered around defacing the controller’s user interface and may render the PLC inoperative,” the agency explained.
“With this type of access, deeper device and network level accesses are available and could render additional, more profound cyber physical effects on processes and equipment.”
“It is not known if additional cyber activities deeper into these PLCs or related control networks and components were intended or achieved.”
Ties With Iranian Revolutionary Guard Corps
CISA, along with the FBI, the National Security Agency, the Environmental Protection Agency, and the Israel National Cyber Directorate, has tracked CyberAv3nger activities since October 2023, when the hackers claimed a series of digital assaults against Israeli PLCs on Telegram.
The hackers were found to be affiliated with the Iranian Government Islamic Revolutionary Guard Corps.
The US government labeled the Tehran-based military force as a foreign terrorist organization in 2019.