Iranian Hacking Group Attacks Pennsylvania Water Authority

CISA Investigating Iranian Hacking Group Attack on Pennsylvania Water Authority
Iranian Hacking Group Attacks Pennsylvania Water Authority
Iranian threat actors launched a cyberattack against the Municipal Water Authority of Aliquippa. (Image: MWAA)

The U.S. Cybersecurity and Infrastructure Security Agency is investigating a cyberattack from an Iranian hacking group known as "Cyber Av3ngers" that targeted a small municipal water authority in Pennsylvania over its use of Israeli-designed pressure monitoring system, according to officials.

See Also: Forrester Report: The Total Economic Impact™ Of Dell PowerProtect Cyber Recovery

The Municipal Water Authority of Aliquippa confirmed it had been the subject of a breach Saturday that shut down a supply pump providing drinking water to multiple municipalities, including a town in the Pittsburgh metropolitan area with nearly 3,000 residents, according to U.S. Census data.

The water authority uses pressure-monitoring equipment developed by the Israeli technology company Unitronics. When the attack occurred, a small Unitronics device in the Pennsylvania facility flashed a bright red message that read: "You have been hacked. Down with Israel. Every equipment 'made in Israel' is Cyber Av3ngers legal target."

The intrusion triggered alerts to the U.S. Department of Homeland Security and sent on-call municipal workers scrambling during the holiday weekend to shut down automated systems and conduct manual operations.

Robert Bible, a Pittsburgh-area water authority official, told media outlets that local water service was not disrupted and water quality remained unaffected from the incident.

The attack is one of a handful of known cyberattacks on American water systems. The Biden administration earlier this year attempted to use existing regulatory authorities to force water systems into evaluating their cybersecurity risk, but it backed off in the face of a court ruling staying the effort (see: US EPA Nixes Cybersecurity Assessments of Water Systems).

According to the cybersecurity firm Check Point Research, the threat group - which typically focuses on attacking Israeli targets by exploiting Microsoft Exchange vulnerabilities - launched a new campaign in October to recruit additional hackers as part of an effort to broaden its cyber operations.

Matthew Mottes, chairman of the Aliquippa water authority, told local news outlets the hackers had not gained access to the water treatment plant itself, since the Unitronics system is on a separate computer system separated from the primary network.

Rep. Chris Deluzio, D-Pa., called fora "full investigation and prosecution of the hackers" in a statement posted to the congressman's Facebook page Tuesday, saying the incident had been "a terrible reminder that our adversaries are targeting our critical infrastructure."

DHS and CISA did not immediately respond to requests for comment.

About the Author

Chris Riotta

Chris Riotta

Managing Editor, GovInfoSecurity

Riotta is a journalist based in Washington, D.C. He earned his master's degree from the Columbia University Graduate School of Journalism, where he served as 2021 class president. His reporting has appeared in NBC News, Nextgov/FCW, Newsweek Magazine, The Independent and more.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.