Hackers Exploiting PLC Controllers In US Water Management System To Gain Remote Access

A joint Cybersecurity Advisory (CSA) warns of ongoing exploitation attempts by Iranian Islamic Revolutionary Guard Corps (IRGC)-affiliated cyber actors using the online persona “CyberAv3ngers.” 

These actors are targeting and compromising Unitronics Vision Series programmable logic controllers (PLCs), specifically those manufactured by the Israeli company Unitronics.

Water and Wastewater Systems (WWS) are among the many critical infrastructure sectors that have adopted these PLCs for widespread deployment. 

Their applications are not limited to WWS; they are also utilized in other sectors, such as the energy industry, the food and beverage manufacturing industry, and healthcare facilities. 

2024 MITRE ATT&CK Evaluation Results for SMEs & MSPs -> Download Free Guide

The concerning aspect of this targeting is that these PLCs, along with other associated controllers, are frequently exposed to the internet for remote control and monitoring purposes.

The user interface (UI) of the PLCs that were targeted appears to be the primary focus of the compromise that has been reported, which could potentially render them inoperable. 

By gaining access to these controllers, the actors could disrupt critical processes overseen by the PLCs, potentially leading to significant consequences depending on the targeted infrastructure.

The CSA urges organizations utilizing Unitronics Vision Series PLCs to implement a layered cybersecurity approach to mitigate these exploitation attempts, which includes segmenting networks to isolate PLCs from internet connectivity whenever possible. 

If remote access is necessary, organizations should utilize secure remote access solutions with multi-factor authentication (MFA) and maintain updated firmware on PLCs associated with control systems. 

Patching known vulnerabilities promptly is crucial to minimize the attack surface and implement network segmentation to restrict access to PLCs only to authorized personnel and devices.

Employ strong passwords enforce password rotation policies for accounts with access to PLCs and monitor network activity for anomalous behavior that might indicate unauthorized access attempts. 

By following these defensive measures, organizations can significantly reduce the risk of successful compromise by IRGC-affiliated cyber actors or any other malicious threat actor targeting their critical infrastructure.

Investigate Real-World Malicious Links, Malware & Phishing Attacks With ANY.RUN – Try for Free