Skip to main content

Iran-linked cyberattacks threaten equipment used in U.S. water systems and factories

caption: This photo provided by the Municipal Water Authority of Aliquippa shows the screen of a Unitronics device that was hacked in Aliquippa, Pa., on Nov. 25.
Enlarge Icon
This photo provided by the Municipal Water Authority of Aliquippa shows the screen of a Unitronics device that was hacked in Aliquippa, Pa., on Nov. 25.
Municipal Water Authority of Aliquippa via AP

Updated December 2, 2023 at 1:51 PM ET

An Iran-linked hacking group is "actively targeting and compromising" multiple U.S. facilities for using an Israeli-made computer system, U.S. cybersecurity officials say.

The Cybersecurity and Infrastructure Security Agency (CISA) said on Friday that the hackers, known as "CyberAv3ngers," have been infiltrating video screens with the message "You have been hacked, down with Israel. Every equipment 'made in Israel' is CyberAv3ngers legal target."

The cyberattacks have spanned multiple states, CISA said. While the equipment in question, "Unitronics Vision Series programmable logic controllers," is predominately used in water and wastewater systems, companies in energy, food and beverage manufacturing, and health care are also under threat.

"These compromised devices were publicly exposed to the internet with default passwords," CISA said.

The agency did not specify how many organizations have been hacked, but on Friday CNN reported that "less than 10" water facilities around the U.S. had been affected.

CyberAv3ngers was behind the breach at a water authority outside of Pittsburgh on Nov. 25. The Aliquippa water authority was forced to temporarily disable the compromised machine, but reassured citizens that the drinking water is safe.

While it did not cause any major disruptions to the water supply, the incident revealed just how vulnerable the nation's critical infrastructure is to cyberattacks.

"If a hack like this can happen here in Western Pennsylvania, it can happen elsewhere in the United States," Sens. John Fetterman and Bob Casey, and Rep. Chris Deluzio, who all represent the state, wrote in a letter to Attorney General Merrick Garland on Tuesday. The lawmakers urged the Justice Department "to conduct a full investigation and hold those responsible accountable."

It also showed the scale and scope of Israel and Hamas' cyberwarfare. Alongside the fight on the ground, both sides of the conflict are armed with dozens of hacking groups that have been responsible for disrupting company operations, leaking sensitive information online and collecting user data to plan future attacks.

"We're now tracking over 150 such groups. And since you and I started to correspond, it was probably 20 or 30 or 40. So there's more groups, and more hacktivist groups are joining," Gil Messing, the chief of staff at the Israeli cybersecurity firm Check Point, told NPR.

In response to the cyber concerns, Israeli authorities recently gave themselves new emergency wartime powers, which allows the government to step in if a company that specifically deals with cloud storage and digital services gets hacked.

NPR's Jenna McLaughlin contributed reporting. [Copyright 2023 NPR]

Why you can trust KUOW