US: Iran behind attacks on our water sector


Iran’s elite military government has come under fire again, with the US accusing it of using a nation-state threat group to launch attacks on its water sector as part of its ongoing conflict with Israel.

The FBI and NSA issued the joint statement condemning the Iranian Revolutionary Guard Corps (IRGC) on December 1st, in conjunction with cyber authorities in the US and Israel, which has long been deadlocked with Iran over geopolitical issues in the Middle East.

More specifically, the US is fingering a suspected Iranian group it calls CyberAv3ngers, which it says was behind recent attacks on the US water supply as a result of the group going after Israeli companies in the sector.

The trend came to light in November after the municipal water authority of Aliquippa in Pennsylvania was hacked. Its computer terminal interface was altered to read: “You have been hacked, down with Israel. Every equipment ‘made in Israel’ is CyberAv3ngers legal target.”

“IRGC-affiliated cyber actors using the persona ‘CyberAv3ngers’ are actively targeting and compromising Israeli-made Unitronics Vision Series programmable logic controllers (PLCs),” said the Cybersecurity and Infrastructure Security Agency (CISA).

The US body added: “These PLCs are commonly used in the water and wastewater systems sector and [...] in other industries including, but not limited to, energy, food and beverage manufacturing, and healthcare.”

Described by CISA as a “cyber persona” of the IRGC – designated as a terrorist organization by the US since 2019 – CyberAv3ngers is also said to have claimed responsibility for multiple attacks on Israeli soil since 2020.

A Telegram channel thought to be run by the group was spotted displaying “both legitimate and false claims of multiple cyberattacks against Israel” in recent months, and CyberAv3ngers is said to have targeted Israeli public companies in the water, energy, shipping, and distribution sectors.

In addition, CyberAv3ngers is believed to have an accomplice of sorts, the provocatively named group Soldiers of Solomon – which obscurely appears to be named after the legendary Biblical king of ancient Israel.

“The CyberAv3ngers-linked Soldiers of Solomon claimed responsibility for compromising over 50 servers, security cameras, and smart city management systems in Israel,” said CISA, but added that the “majority of these claims were proven false.”

