Tuesday, January 14, 2025
Homecyber securityHackers Exploiting PLC Controllers In US Water Management System To Gain Remote...

Hackers Exploiting PLC Controllers In US Water Management System To Gain Remote Access

Published on

A joint Cybersecurity Advisory (CSA) warns of ongoing exploitation attempts by Iranian Islamic Revolutionary Guard Corps (IRGC)-affiliated cyber actors using the online persona “CyberAv3ngers.” 

These actors are targeting and compromising Unitronics Vision Series programmable logic controllers (PLCs), specifically those manufactured by the Israeli company Unitronics.

Water and Wastewater Systems (WWS) are among the many critical infrastructure sectors that have adopted these PLCs for widespread deployment. 

Their applications are not limited to WWS; they are also utilized in other sectors, such as the energy industry, the food and beverage manufacturing industry, and healthcare facilities. 

2024 MITRE ATT&CK Evaluation Results for SMEs & MSPs -> Download Free Guide

The concerning aspect of this targeting is that these PLCs, along with other associated controllers, are frequently exposed to the internet for remote control and monitoring purposes.

The user interface (UI) of the PLCs that were targeted appears to be the primary focus of the compromise that has been reported, which could potentially render them inoperable. 

By gaining access to these controllers, the actors could disrupt critical processes overseen by the PLCs, potentially leading to significant consequences depending on the targeted infrastructure.

The CSA urges organizations utilizing Unitronics Vision Series PLCs to implement a layered cybersecurity approach to mitigate these exploitation attempts, which includes segmenting networks to isolate PLCs from internet connectivity whenever possible. 

If remote access is necessary, organizations should utilize secure remote access solutions with multi-factor authentication (MFA) and maintain updated firmware on PLCs associated with control systems. 

Patching known vulnerabilities promptly is crucial to minimize the attack surface and implement network segmentation to restrict access to PLCs only to authorized personnel and devices.

Employ strong passwords enforce password rotation policies for accounts with access to PLCs and monitor network activity for anomalous behavior that might indicate unauthorized access attempts. 

By following these defensive measures, organizations can significantly reduce the risk of successful compromise by IRGC-affiliated cyber actors or any other malicious threat actor targeting their critical infrastructure.

Investigate Real-World Malicious Links, Malware & Phishing Attacks With ANY.RUN – Try for Free

Latest articles

Google’s “Sign in with Google” Flaw Exposes Millions of Users’ Details

A critical flaw in Google's "Sign in with Google" authentication system has left millions...

Hackers Attacking Internet Connected Fortinet Firewalls Using Zero-Day Vulnerability

A widespread campaign targeting Fortinet FortiGate firewall devices with exposed management interfaces on the...

Critical macOS Vulnerability Lets Hackers to Bypass Apple’s System Integrity Protection

Microsoft Threat Intelligence has uncovered a critical macOS vulnerability that allowed attackers to bypass...

CISA Released A Free Guide to Enhance OT Product Security

To address rising cyber threats targeting critical infrastructure, the U.S. Cybersecurity and Infrastructure Security...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

Google’s “Sign in with Google” Flaw Exposes Millions of Users’ Details

A critical flaw in Google's "Sign in with Google" authentication system has left millions...

Hackers Attacking Internet Connected Fortinet Firewalls Using Zero-Day Vulnerability

A widespread campaign targeting Fortinet FortiGate firewall devices with exposed management interfaces on the...

Critical macOS Vulnerability Lets Hackers to Bypass Apple’s System Integrity Protection

Microsoft Threat Intelligence has uncovered a critical macOS vulnerability that allowed attackers to bypass...