Dive Brief:
- The Cybersecurity and Infrastructure Security Agency warned Tuesday that threat actors are attempting to exploit Unitronics programmable logic controllers that are used in water and wastewater treatment facilities.
- The warning comes days after a reported attack against the Municipal Water Authority of Aliquippa, which provides water treatment to facilities in multiple townships in Pennsylvania.
- The hack was connected to an Iran-linked group called Cyber Av3ngers, according to Check Point Research. The group has targeted critical infrastructure in Israel since the start of the war with Hamas in early October.
Dive Insight:
The incident puts a spotlight on a sector that has been the focus of Biden administration efforts to secure critical infrastructure. The attack comes weeks after the Environmental Protection Agency was forced to rescind water system audits after a legal challenge from state officials.
Check Point said the group has exploited Microsoft Exchange vulnerabilities for initial access into systems.
Federal authorities, including the FBI and Department of Homeland Security, have taken the lead on investigating the incident, according to a Pennsylvania State Police spokesperson.
The FBI confirmed it is investigating multiple cyberattacks nationwide.
“The FBI is aware and investigating the various incidents across the country,” a spokesperson said via email. “We will continue to assist impacted organizations.”
The agency is asking anyone who thinks they may have been impacted by these attacks to file a report with the Internet Crime Complaint Center at www.ic3.gov. The FBI did not specify which other cyber incidents were under investigation.
The Water Information Sharing and Analysis Center on Tuesday issued an advisory regarding the threat to water treatment facilities, noting the group has launched attacks against multiple facilities in Israel.
Officials at Unitronics were not immediately available for comment.
The programmable logic controllers are used to turn off pumps at a pump station to fill tanks and reservoirs, pace the flow of chemicals and also gather monthly compliance data, according to CISA.
The hackers are suspected of accessing the device, a Unitronics Vision Series PLC with a human-machine interface, by exploiting weaknesses in the system, including poor password security and exposure to the internet, the agency said.
CISA is urging organizations to take several immediate steps:
- Change the default password on the Unitronics PLC device.
- Require multifactor authentication for all access to the OT network.
- Disconnect the PLC from the open internet. However, if remote access is necessary, install a firewall or VPN to control network access.
- Back up the logic and configurations on any Unitronics PLC device.
- If possible, use a TCP port other than the TCP 20256 default port.
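The five CISA items above map directly onto an inventory audit a water utility's OT team can run against its own PLC records. The script below is an added example, not code from CISA, Unitronics or the original article: it parses a constructed CSV inventory (the site names, ports and settings are hypothetical), checks each device against the five mitigations, ranks the findings by severity and orders devices so the worst-exposed one is fixed first. The 30-day backup-age threshold is an assumption; the advisory names no interval.

```python
"""Audit a PLC inventory against CISA's Unitronics mitigations (added example)."""
import csv
import io
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Default Unitronics TCP port named in the CISA advisory.
DEFAULT_TCP_PORT = 20256
SEVERITY_RANK = {"critical": 3, "high": 2, "medium": 1, "low": 0}

# Constructed sample inventory: hypothetical site names and settings, not real devices.
# An empty backup_age_days means the PLC has never been backed up.
SAMPLE_INVENTORY_CSV = """\
name,tcp_port,internet_reachable,behind_vpn_or_firewall,default_password,mfa_enforced,backup_age_days
pump-station-1,20256,yes,no,yes,no,
pump-station-2,20256,yes,yes,no,yes,12
chem-dosing-1,21256,no,yes,no,yes,45
reservoir-3,20256,no,yes,no,no,3
"""


@dataclass
class PlcRecord:
    name: str
    tcp_port: int
    internet_reachable: bool        # reachable from the public internet at all
    behind_vpn_or_firewall: bool    # remote path goes through a firewall or VPN
    default_password: bool          # vendor default credential still set
    mfa_enforced: bool              # MFA required for access to the OT network
    backup_age_days: Optional[int]  # None = no backup of logic/configuration


def _yes(value: str) -> bool:
    return value.strip().lower() in ("yes", "y", "true", "1")


def parse_inventory(text: str) -> List[PlcRecord]:
    """Parse the CSV inventory into typed records."""
    records = []
    for row in csv.DictReader(io.StringIO(text)):
        age = row["backup_age_days"].strip()
        records.append(PlcRecord(
            name=row["name"].strip(),
            tcp_port=int(row["tcp_port"]),
            internet_reachable=_yes(row["internet_reachable"]),
            behind_vpn_or_firewall=_yes(row["behind_vpn_or_firewall"]),
            default_password=_yes(row["default_password"]),
            mfa_enforced=_yes(row["mfa_enforced"]),
            backup_age_days=int(age) if age else None,
        ))
    return records


def audit(plc: PlcRecord, max_backup_age_days: int = 30) -> List[Tuple[str, str]]:
    """Return (severity, finding) pairs for each unmet CISA mitigation."""
    findings = []
    if plc.default_password:
        findings.append(("critical", "vendor default password still in use"))
    if plc.internet_reachable and not plc.behind_vpn_or_firewall:
        findings.append(("critical", "PLC reachable from the internet with no firewall or VPN in front"))
    if not plc.mfa_enforced:
        findings.append(("high", "OT network access does not require MFA"))
    if plc.backup_age_days is None:
        findings.append(("high", "no backup of PLC logic and configuration"))
    elif plc.backup_age_days > max_backup_age_days:
        findings.append(("medium", f"last backup is {plc.backup_age_days} days old"))
    if plc.tcp_port == DEFAULT_TCP_PORT:
        findings.append(("low", f"listening on default TCP port {DEFAULT_TCP_PORT}"))
    return findings


def worst_severity(findings: List[Tuple[str, str]]) -> Optional[str]:
    """Highest severity present, or None when the device passes every check."""
    if not findings:
        return None
    return max((sev for sev, _ in findings), key=SEVERITY_RANK.__getitem__)


def prioritize(records: List[PlcRecord]) -> List[Tuple[str, Optional[str], int]]:
    """(name, worst severity, finding count), worst device first."""
    rows = []
    for plc in records:
        findings = audit(plc)
        rows.append((plc.name, worst_severity(findings), len(findings)))
    return sorted(rows, key=lambda r: (-(SEVERITY_RANK[r[1]] if r[1] else -1), -r[2], r[0]))


if __name__ == "__main__":
    for plc in parse_inventory(SAMPLE_INVENTORY_CSV):
        for sev, msg in audit(plc):
            print(f"{plc.name:16} {sev:9} {msg}")
    print("remediation order:", [name for name, _, _ in prioritize(parse_inventory(SAMPLE_INVENTORY_CSV))])
```

Replacing the constructed CSV with an export from the site's asset register is the only change needed to use this on a real inventory; the severity weights reflect the advisory's ordering (credentials and internet exposure first, the non-default port last) and can be tuned per site.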
Editor's note: This story has been updated to include details on the FBI investigation.