US Water Utilities Targeted by Hackers, Federal Investigators Confirm

On Dec 2, 2023

TL/DR –

Multiple water utilities in the US running the same industrial equipment have been breached by hackers, according to federal officials. The hackers, allegedly affiliated with Iran’s Islamic Revolutionary Guard Corps, breached less than 10 water facilities across the US by breaking into internet-connected devices with default passwords. While these breaches have not led to disruptions or threatened drinking water, they raised concerns due to their low-level execution and opportunistic nature.

Pensioners’ cyberattack on US water utilities reveals security vulnerability

Federal authorities confirm that multiple US water utilities running identical industrial equipment was compromised following a recent cyberattack on a Pennsylvania water utility. This revelation came from people privy to the situation who spoke to CNN.

In a briefing with Senate and House staffers, the federal Cybersecurity and Infrastructure Security Agency disclosed that hackers have infiltrated less than 10 water facilities across the US, all using the same Israeli-made computer system operating machinery at these facilities.

Although no disruptions at the water facilities or threats to drinking water were reported, the ease with which these hackers managed to deface computer screens has raised concerns among US officials.

Later on Friday, US and Israeli authorities issued an advisory acknowledging that hackers, linked to Iran’s Islamic Revolutionary Guard Corps, accessed several US-based water utilities operating the Israeli-made equipment, likely through internet-connected devices with default passwords.

The string of hacks became public a week ago, when a pro-Iran hacker group breached a Pittsburgh-area water utility’s management system for water pressure, displaying an anti-Israel message. The water utility, Municipal Water Authority of Aliquippa, serves about 15,000 people.

This week, the Cybersecurity and Infrastructure Security Agency (CISA), FBI, private experts, and water industry executives are trying to get other water utilities to disconnect their industrial equipment from the internet to prevent further cyberattacks.

According to Robert J. Bible, general manager of the compromised Pittsburgh-area water utility, the hacked equipment has been handed over to the FBI, and the utility is operating in manual mode until it can replace the equipment.

Facing 150,000 public water systems with limited resources to combat hacking threats, the US water sector is starting to feel the pressure. Rep. Chris Deluzio emphasized the urgency of the situation, stating, “Our frontline cyber warriors in many cases … are the local officials who serve at places like water companies.”

—
Read More US Political News