Today, CISA, the Federal Bureau of Investigation (FBI), National Security Agency (NSA), Environmental Protection Agency (EPA), and the Israel National Cyber Directorate (INCD) released a joint Cybersecurity Advisory (CSA) IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors in response to the active exploitation of Unitronics programmable logic controllers (PLCs) in multiple sectors, including U.S. Water and Wastewater Systems (WWS) facilities, by Iranian Government Islamic Revolutionary Guard Corps (IRGC)-affiliated advanced persistent threat (APT) cyber actors.
IRGC-affiliated cyber actors using the persona “CyberAv3ngers” are actively targeting and compromising Israeli-made Unitronics Vision Series PLCs that are publicly exposed to the internet, through the use of default passwords. The PLCs may be rebranded and appear as different manufacturers and company names.
All organizations, including U.S. Water and Wastewater Systems Facilities, are encouraged to review this joint CSA and implement the recommended actions and mitigations. The mitigations are based on threat actor activity against Unitronics PLCs but apply to all internet-facing PLCs.