Iran-Backed Cyber Av3ngers Escalates Campaigns Against U.S. Critical Infrastructure
Cyber Security Threat Summary:
The Iran-backed Cyber Av3ngers, affiliated with the IRGC, has been actively exploiting Programmable Logic Controllers (PLCs) in Water and Wastewater treatment plants, targeting critical infrastructure installations in the U.S. The group, known for making false claims, initiated attacks on various water authorities, an aquarium, and a brewery. They focus on Unitronics PLCs, leveraging open source tools and exploiting vulnerabilities. The recent campaign expanded to target critical infrastructure globally, particularly those using equipment associated with Israel.
Security Officer Comments:
In light of the recent report on these attacks, it is advised that defenders swiftly address vulnerabilities. This involves changing default passwords, implementing Multi-Factor Authentication (MFA), disconnecting Programmable Logic Controllers (PLCs) from the internet, and ensuring firmware is up-to-date. The opportunistic nature of this threat emphasizes the crucial need for proactive cybersecurity measures to thwart potential harm to critical infrastructure.
Link(s):
https://www.sentinelone.com/blog/