Iran-affiliated hackers breached facilities across several US states: Report

It has been revealed that the small Pennsylvania water authority that was hacked late last month was just one of several organizations within the U.S. that have been targeted by hackers affiliated with Iran.

U.S. and Israeli authorities claim that the hackers targeted an industrial control device because it was made by Israel.

In an advisory that was released on Friday, the FBI, the Environmental Protection Agency, the Cybersecurity and Infrastructure Security Agency (known as CISA), and Israel's National Cyber Directorate said that "[t]he victims span multiple U.S. states."

However, it is unclear just how many organizations have been targeted by the hacker group, or if there are plans to hack into other organizations in the future.

The Associated Press reported that Matthew Mottes, the chairman of the Municipal Water Authority of Aliquippa, who discovered that the water authority had been hacked on November 25, said he was told that there were at least four other utilities and one aquarium that had been targeted in the attack.

The report noted that while there is no current evidence that connects Iran with the terrorist attacks carried out by Hamas against Israel on October 7, cybersecurity experts suggested that Iran-backed hackers and other pro-Palestinian hackers were trying to target Israel and its allies.

It is believed that the Iranian Government Islamic Revolutionary Guard Corps could have played a role in the recent hacking on American soil.

The advisory stated: "The IRGC is an Iranian military organization that the United States designated as a foreign terrorist organization in 2019. IRGC-affiliated cyber actors using the persona 'CyberAv3ngers' are actively targeting and compromising Israeli-made Unitronics Vision Series programmable logic controllers (PLCs)."

"These PLCs are commonly used in the Water and Wastewater Systems (WWS) Sector and are additionally used in other industries including, but not limited to, energy, food and beverage manufacturing, and healthcare. The PLCs may be rebranded and appear as different manufacturers and companies. In addition to the recent CISA Alert, the authoring agencies are releasing this joint CSA to share indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) associated with IRGC cyber operations."

"Since at least November 22, 2023, these IRGC-affiliated cyber actors have continued to compromise default credentials in Unitronics devices," the advisory continued.

"The IRGC-affiliated cyber actors left a defacement image stating, 'You have been hacked, down with Israel. Every equipment "made in Israel" is CyberAv3ngers legal target.' The victims span multiple U.S. states. The authoring agencies urge all organizations, especially critical infrastructure organizations, to apply the recommendations listed in the Mitigations section of this advisory to mitigate risk of compromise from these IRGC-affiliated cyber actors."

According to Check Point's Sergey Shykevich, Israel and Iran were already engaged in low-impact cyberconflict before the attacks on October 7.

It is unclear if Israel or its allies have prepared a response to the hacks.

Like Blaze News? Bypass the censors, sign up for our newsletters, and get stories like this direct to your inbox. Sign up here!