Iranian cyber criminals targeting Israeli technology hack into Pennsylvania water system

Claire Thornton, USA TODAY
·4 min read

Federal authorities are investigating a computer hack of a Pennsylvania utility provider that is believed to have been targeted by an Iranian-linked cyber group looking to disrupt Israeli-made technology in the U.S.

On Saturday, the Iranian group Cyber Av3ngers hacked into water authority infrastructure in Aliquippa, a city about 18 miles northwest of Pittsburgh, local authorities confirmed. The group took partial control of a system that regulates water pressure — and one that includes technology manufactured in Israel, according to water authority board chairman Matthew Mottes.

"This is very direct. It's using the internet as a weapon," said Max Kilger, a cyber security professor at the University of Texas at San Antonio who has closely followed the news surrounding the Pennsylvania case.

The water pressure system, which uses a Unitronics computing device, was quickly disabled after an alarm notified workers of the threat, and crews were able to maintain water pressure along the line, according to Mottes.

Across the country, the federal government is investigating a handful of other facilities hacked by the Iranian group, two people who were granted anonymity to discuss details that had not yet been made public told Politico.

In Pennsylvania, hackers who took control of the Aliquippa water pressure system announced they were targeting technology made in Israel, Politico reported. Photos from the site of the cyber attack published by Politico show hackers displayed an on-screen message saying, "Every equipment ‘Made in Israel’ is Cyber Av3ngers legal target," referring to Unitronics, an Israeli supplier of control and valve systems.

The attack in Pennsylvania thankfully did not impact "more critical components" that determine the amount of chemicals added to the water supply, Kilger sad.

"There's that much more potential for harm. So this should be a wake-up call," he said, adding that the pump system computing device was "low-hanging fruit."

"Attacks on our critical infrastructure like water are unacceptable," U.S. Rep. Chris Deluzio said following the incident, urging bipartisan support for "shoring up America's defenses" against cyber criminals.

Management at the Municipal Water Authority of Aliquippa was not able to be reached for contact.

Aliquippa has a population of about 9,200.

What is Cyber Av3ngers?

The cyber criminal group Cyber Av3ngers has targeted several water utility facilities in Israel, including most recently following the outbreak of the Israel-Hamas war.

Now, it appears the group's most recent round of cyber attacks are targeting Israeli water infrastructure technology at U.S. facilities, Kilger said.

"They've been around for a while, but these are sort of their recent attacks," Kilger said, adding that group is probably "trying to find other water systems that have equipment coming from Unitronics."

The group is able to locate facilities in the U.S. that use Unitronics computing devices by hunting for and identifying online data that's specific to that brand, according to Kilger.

In an online forum on the Unitronics website, at least two users reported similar incidents involving Unitronics technology, with one user posting a photo of an on-screen message matching the one found at the Pennsylvania facility.

Unitronics did not respond to a request for comment.

What motivates cyber criminals?

In the case of Cyber Av3ngers, the group is clearly motivated by the Israel-Hamas war that broke out last month, Kilger said. The Iranian government, which the group is believed to be tied to, has long sided with Hamas in conflicts involving Israel, acting in opposition to the U.S.

More broadly, Kilger said cyber criminals' motivations fall into six different areas:

  • Money

  • Ego

  • Entertainment

  • Political cause

  • Entrance to a social group

  • Status

"This one is very definitely cause," Kilger said, referring to the group's message that it intends to target equipment made in Israel.

Around the world, critical infrastructure is an "obvious" target for all hackers who want to disrupt and negatively impact physical processes people depend on, said Charles Henderson, IBM's global head of security threat research.

"Criminals first, then nation-states start asking, 'What can I do that has a real-world impact, that has the most dramatic effect?'" he said.

In 2021, the Colonial Pipeline was believed to have been the victim of criminal hackers, causing fuel-related panic along the East Coast, which is served by the pipeline.

Other water authorities respond to Aliquippa hack

This week, authorities in Morgantown, West Virginia, responded to concerns about the security of their water systems, saying they do not use the same technology targeted in Aliquippa, located about 90 miles north.

In Texas, forensic investigators are looking into a Tuesday attack against North Texas Municipal Water District.

Ransomware group Daixin Team claimed responsibility for the attack, the Dallas Morning News reported. Water service wasn't disrupted for the district's more than 2 million customers, the outlet said.

Consumer in the U.S. shouldn't be overly worried, Henderson said, because "there are a lot of people in the world who work very diligently" in the realm of cyber security, and are constantly strengthening defenses.

Contributing: Chrissy Suttles, Beaver County Times

This article originally appeared on USA TODAY: Iran's Cyber Av3ngers target Israel Unitronics devices in US