Hackers working on behalf of the Iranian government are likely to target industrial control systems used at water treatment plants and other critical infrastructure to retaliate against recent military strikes by Israel and the US, federal government agencies are warning. One cybersecurity company says many US-based targets aren’t adequately protected against the threat.
“Based on the current geopolitical environment, Iranian-affiliated cyber actors may target US devices and networks for near-term cyber operations,” an advisory jointly published by the The Cybersecurity and Infrastructure Security Agency, FBI, Department of Defense Cyber Crime Center, and the National Security Agency stated. “Defense Industrial Base (DIB) companies, particularly those possessing holdings or relationships with Israeli research and defense firms, are at increased risk.”
Easy targets
Of particular interest to the would-be hackers are control systems that automate industrial processes inside water treatment plants, dams, and other critical infrastructure, particularly when those systems are manufactured by Israel-based companies. Between November 2023 and January 2024, near the onset of the conflict between Israel and Hamas, federal agencies said hackers affiliated with the Iranian Islamic Revolutionary Guard Corps actively targeted and compromised Israeli-made programmable-logic controllers and human-machine interfaces used in multiple sectors, Including US Water and Wastewater Systems Facilities. At least 75 devices, including at least 34 in US-based water facilities, were compromised.
Hackers in those operations targeted Unitronics Vision Series devices that automate processes inside water facilities. After gaining control of the devices, the hackers interfered with their ability to function normally. The actors also introduced changes that prevented the devices from being remotely accessed by administrators. The hacked devices were either protected by default passwords or no password at all, making them easy targets.