US water facilities under attack, cyber agency warns

By

Unitronix PLC users burned by default password.

The US Cybersecurity and Infrastructure Security Agency (CISA) is warning users of a popular programmable logic controller (PLC) to check the security of their units, after seeing attack activity it attributes to Iranian threat actors.

US water facilities under attack, cyber agency warns

CISA has identified attacks from actors affiliated with the Iranian government’s Islamic Revolutionary Guard Corps (IRGC), exploiting the default admin password “1111” on Unitronix PLCs, attacking over the units’ default TCP port 20256.

Most of the observed activity has involved defacement of target units with anti-Israel messages; however, CISA said more serious compromise may have happened.

The agency’s advisory said the attacks targeted Unitronix Vision series PLCs with human machine interfaces (HMI).

The campaign began in October, when the attackers used a Telegram channel to claim credit for compromising targets in Israel; and since at least November 22, they turned their attention to targets in “multiple US states”.

A few days before the latest advisory, CISA issued this warning against PLC attacks.

It noted that one US municipality had reverted to manual operation of some of its water facilities after a PLC was compromised.

As well as changing all passwords on vulnerable systems, CISA recommended multifactor authentication be implemented on all operational technology.

Where PLCs have to be exposed to the internet, CISA said, they should be behind firewalls, and users should consider implementing a list of IP addresses allowed to access them.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

Eagers Automotive finds unauthorised access to parts of IT systems

Eagers Automotive finds unauthorised access to parts of IT systems

Hackers hit Victoria's court recording database

Hackers hit Victoria's court recording database

St Vincent's Health Australia warns cyber attack forensics could "take some time"

St Vincent's Health Australia warns cyber attack forensics could "take some time"

Yakult Australia confirms cyber incident

Yakult Australia confirms cyber incident

Log In

  |  Forgot your password?