Cyber actors affiliated with the Islamic Revolutionary Guard Corps (IRGC) have been exploiting Programmable Logic Controllers (PLCs) in multiple sectors, including critical U.S. water and wastewater systems facilities. These activities, identified under the alert code AA23-335A, involve the targeting and compromising of Israeli-made Unitronics Vision Series PLCs. The PLCs, which are publicly exposed to the internet, are being compromised through the use of default passwords. In some cases, these PLCs may be rebranded and appear under different manufacturers and company names.
The Cybersecurity and Infrastructure Security Agency (CISA) has responded to these active exploitations, particularly focusing on PLCs used in the Water and Wastewater Systems (WWS) Sector. The threat actors, operating under the persona “CyberAv3ngers,” have been targeting PLCs associated with WWS facilities, including specific Unitronics PLCs at U.S. water facilities.
This situation underscores the importance of cybersecurity vigilance in critical infrastructure sectors. The use of default passwords on publicly exposed internet-connected devices presents a significant vulnerability that can be exploited by malicious actors. The advisory highlights the need for implementing multifactor authentication, using strong, unique passwords, and checking PLCs for default passwords as immediate actions to mitigate such malicious activities.
IoC
IPv4
- 178.162.227.180
- 185.162.235.206
SHA256
- 440b5385d3838e3f6bc21220caa83b65cd5f3618daea676f271c3671650ce9a3
SHA1
- 66ae21571faee1e258549078144325dc9dd60303
MD5
- ba284a4b508a7abd8070a427386e93e0
CVE
- CVE-2023-22515
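One way to put the two IPv4 indicators listed above to use is to sweep firewall or flow logs for traffic between them and PLC hosts. The following is an added example, not part of the original post or the advisory; the log line format, the internal 10.20.0.x addresses and the ports are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# The two IPv4 indicators from the IoC list on this page.
IOC_IPS = {ipaddress.ip_address("178.162.227.180"),
           ipaddress.ip_address("185.162.235.206")}

# Constructed sample log. The line format and the 10.20.0.x PLC
# addresses and ports are assumptions made for this example.
SAMPLE_LOG = """\
2023-11-25T03:14:07Z ALLOW TCP 178.162.227.180:51514 -> 10.20.0.15:8080
2023-11-25T03:14:09Z ALLOW TCP 10.20.0.15:8080 -> 178.162.227.180:51514
2023-11-25T04:00:00Z DENY TCP 185.162.235.206:40022 -> 10.20.0.16:8080
2023-11-25T04:05:31Z ALLOW TCP 192.0.2.44:55000 -> 10.20.0.15:443
truncated line without addresses
2023-11-25T05:00:00Z ALLOW TCP 999.1.1.1:1 -> 10.20.0.15:443
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) \S+ "
    r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):\d+$")

def find_ioc_hits(log_text, ioc_ips=IOC_IPS):
    """Return (hits, skipped); hits maps local host -> matching events."""
    hits, skipped = defaultdict(list), 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m is None:              # line does not fit the assumed format
            skipped += 1
            continue
        try:
            src = ipaddress.ip_address(m["src"])
            dst = ipaddress.ip_address(m["dst"])
        except ValueError:         # looks like an address but is not valid
            skipped += 1
            continue
        # Check both directions: indicator as source, then as destination.
        for ioc, local, way in ((src, dst, "inbound"), (dst, src, "outbound")):
            if ioc in ioc_ips:
                hits[str(local)].append((m["ts"], way, str(ioc), m["action"]))
    return dict(hits), skipped

def allowed_inbound(hits):
    """Hosts that accepted at least one connection from an indicator."""
    return sorted(host for host, events in hits.items()
                  if any(w == "inbound" and a == "ALLOW" for _, w, _, a in events))
```

Hosts returned by `allowed_inbound` are the ones to prioritise for a default-password check and for removal from direct internet exposure; a non-zero skipped count means some log lines were not evaluated and the parser should be adapted to the real log format.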
REFERENCES
- https://www.aha.org/cybersecurity-government-intelligence-reports/2023-12-02-joint-cybersecurity-advisory-tlp-clear-irgc-affiliated-cyber-actors
- https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-335a
- https://www.cisa.gov/news-events/alerts/2023/12/01/cisa-and-partners-release-joint-advisory-irgc-affiliated-cyber-actors-exploiting-plcs
- https://www.cisa.gov/news-events/alerts/2023/11/28/exploitation-unitronics-plcs-used-water-and-wastewater-systems
- https://otx.alienvault.com/pulse/656de9ae8d88a6c091f68c3c
TAGS
cisa, plcs, israel, mitre att, cyberav3ngers, water, cpgs, irgc