Monday, May 5, 2025
Homecyber securityHackers Exploiting PLC Controllers In US Water Management System To Gain Remote...

Hackers Exploiting PLC Controllers In US Water Management System To Gain Remote Access

Published on

SIEM as a Service

Follow Us on Google News

A joint Cybersecurity Advisory (CSA) warns of ongoing exploitation attempts by Iranian Islamic Revolutionary Guard Corps (IRGC)-affiliated cyber actors using the online persona “CyberAv3ngers.” 

These actors are targeting and compromising Unitronics Vision Series programmable logic controllers (PLCs), specifically those manufactured by the Israeli company Unitronics.

Water and Wastewater Systems (WWS) are among the many critical infrastructure sectors that have adopted these PLCs for widespread deployment. 

- Advertisement - Google News

Their applications are not limited to WWS; they are also utilized in other sectors, such as the energy industry, the food and beverage manufacturing industry, and healthcare facilities. 

2024 MITRE ATT&CK Evaluation Results for SMEs & MSPs -> Download Free Guide

The concerning aspect of this targeting is that these PLCs, along with other associated controllers, are frequently exposed to the internet for remote control and monitoring purposes.

The user interface (UI) of the PLCs that were targeted appears to be the primary focus of the compromise that has been reported, which could potentially render them inoperable. 

By gaining access to these controllers, the actors could disrupt critical processes overseen by the PLCs, potentially leading to significant consequences depending on the targeted infrastructure.

The CSA urges organizations utilizing Unitronics Vision Series PLCs to implement a layered cybersecurity approach to mitigate these exploitation attempts, which includes segmenting networks to isolate PLCs from internet connectivity whenever possible. 

If remote access is necessary, organizations should utilize secure remote access solutions with multi-factor authentication (MFA) and maintain updated firmware on PLCs associated with control systems. 

Patching known vulnerabilities promptly is crucial to minimize the attack surface and implement network segmentation to restrict access to PLCs only to authorized personnel and devices.

Employ strong passwords enforce password rotation policies for accounts with access to PLCs and monitor network activity for anomalous behavior that might indicate unauthorized access attempts. 

By following these defensive measures, organizations can significantly reduce the risk of successful compromise by IRGC-affiliated cyber actors or any other malicious threat actor targeting their critical infrastructure.

Investigate Real-World Malicious Links, Malware & Phishing Attacks With ANY.RUN – Try for Free

Aman Mishra
Aman Mishra
Aman Mishra is a Security and privacy Reporter covering various data breach, cyber crime, malware, & vulnerability.

Latest articles

Claude AI Abused in Influence-as-a-Service Operations and Campaigns

Claude AI, developed by Anthropic, has been exploited by malicious actors in a range...

Threat Actors Attacking U.S. Citizens Via Social Engineering Attack

As Tax Day on April 15 approaches, a alarming cybersecurity threat has emerged targeting...

TerraStealer Strikes: Browser Credential & Sensitive‑Data Heists on the Rise

Insikt Group has uncovered two new malware families, TerraStealerV2 and TerraLogger, attributed to the...

MintsLoader Malware Uses Sandbox and Virtual Machine Evasion Techniques

MintsLoader, a malicious loader first observed in 2024, has emerged as a formidable tool...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Claude AI Abused in Influence-as-a-Service Operations and Campaigns

Claude AI, developed by Anthropic, has been exploited by malicious actors in a range...

Threat Actors Attacking U.S. Citizens Via Social Engineering Attack

As Tax Day on April 15 approaches, a alarming cybersecurity threat has emerged targeting...

TerraStealer Strikes: Browser Credential & Sensitive‑Data Heists on the Rise

Insikt Group has uncovered two new malware families, TerraStealerV2 and TerraLogger, attributed to the...