{"id":2122,"date":"2023-11-30T23:27:22","date_gmt":"2023-11-30T23:27:22","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=78319"},"modified":"2023-11-30T23:27:22","modified_gmt":"2023-11-30T23:27:22","slug":"anti-israel-hacking-campaign-highlights-danger-of-internet-connected-devices","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2023\/11\/30\/anti-israel-hacking-campaign-highlights-danger-of-internet-connected-devices\/","title":{"rendered":"Anti-Israel hacking campaign highlights danger of internet-connected devices"},"content":{"rendered":"<p><head> <meta charset=\"UTF-8\"> <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\"> <meta name=\"robots\" content=\"index, follow, max-image-preview:large, max-snippet:-1, max-video-preview:-1\"> <!-- This site is optimized with the Yoast SEO Premium plugin v20.5 (Yoast SEO v20.5) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ --> <title>Anti-Israel hacking campaign highlights danger of internet-connected devices | CyberScoop<\/title> <meta name=\"description\" content=\"The Iran-linked Cyber Av3ngers hacking crew has targeted water facilities in Pennsylvania and elsewhere in the United States.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/cyber-av3ngers-israel-iran\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Anti-Israel hacking campaign highlights danger of internet-connected devices\"> <meta property=\"og:description\" content=\"The Iran-linked Cyber Av3ngers hacking crew has targeted water facilities in Pennsylvania and elsewhere in the United States.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/cyber-av3ngers-israel-iran\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:published_time\" content=\"2023-11-30T23:27:22+00:00\"> <meta property=\"article:modified_time\" content=\"2023-11-30T23:27:23+00:00\"> <meta name=\"author\" content=\"Christian Vasquez\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/12\/anti-israel-hacking-campaign-highlights-danger-of-internet-connected-devices-1.jpg\"> <meta name=\"twitter:creator\" content=\"@chrismvasq\"> <!-- \/ Yoast SEO Premium plugin. --> <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1699561119g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress-next\/dist\/css\/related-posts-block-styles.min.css?m=1700978938g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1698989400g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=7dab012cdc88b5676610\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/78319\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.4.1\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=78319\">\n<link rel=\"alternate\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fcyber-av3ngers-israel-iran%2F\">\n<link rel=\"alternate\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fcyber-av3ngers-israel-iran%2F&amp;format=xml\"> <!-- Google Tag Manager --> <!-- End Google Tag Manager --> <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"post-template-default single single-post postid-78319 single-format-standard\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/cyber-av3ngers-israel-iran\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"25.149681528662\">\n<div class=\"single-article__header-content\" readability=\"29.819277108434\">\n<p> The Iran-linked Cyber Av3ngers hacking crew has targeted water facilities in Pennsylvania and elsewhere in the United States. <\/p>\n<\/p><\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"426\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2023\/12\/anti-israel-hacking-campaign-highlights-danger-of-internet-connected-devices.jpg?resize=640%2C426&#038;ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/12\/anti-israel-hacking-campaign-highlights-danger-of-internet-connected-devices-1.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/12\/anti-israel-hacking-campaign-highlights-danger-of-internet-connected-devices-1.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/12\/anti-israel-hacking-campaign-highlights-danger-of-internet-connected-devices-1.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/12\/anti-israel-hacking-campaign-highlights-danger-of-internet-connected-devices-1.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/12\/anti-israel-hacking-campaign-highlights-danger-of-internet-connected-devices-1.jpg?resize=1536,1024 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/12\/anti-israel-hacking-campaign-highlights-danger-of-internet-connected-devices-1.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/12\/anti-israel-hacking-campaign-highlights-danger-of-internet-connected-devices-1.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/12\/anti-israel-hacking-campaign-highlights-danger-of-internet-connected-devices-1.jpg?resize=506,337 506w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/12\/anti-israel-hacking-campaign-highlights-danger-of-internet-connected-devices-1.jpg?resize=1013,675 1013w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/12\/anti-israel-hacking-campaign-highlights-danger-of-internet-connected-devices-1.jpg?resize=1265,843 1265w\" sizes=\"(max-width: 1013px) 100vw, 1013px\"><figcaption> SURREY, ENGLAND &#8211; JUNE 2006: Twenty water clarifiers continue the process of water purification at this Waste Water Treatment Plant near Camberley in this aerial photo taken on 23rd June 2006. (David Goddard\/Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"41.581703244275\"><body readability=\"84.773216031281\"><\/p>\n<p>When hackers linked to Iran penetrated a programmable logic controller at a <a href=\"https:\/\/cyberscoop.com\/pennsylvania-water-facility-hack-iran\/\">water pumping station in Pennsylvania<\/a> last weekend, they had their pick of a huge number of such devices connected to the internet. <\/p>\n<p>The operation by the so-called Cyber Av3ngers \u2014 a group linked to Iran\u2019s Islamic Revolutionary Guard Corps that is known for overstating the impact of their attacks \u2014 targeted a device made by the Israeli firm Unitronics. Among the firm\u2019s global customer base, there are some 1,800 Unitronics devices facing the internet, and experts caution that the incident involving the Municipal Water Authority of Aliquippa, Pa., highlights the huge risk of internet-connected devices in industrial facilities. <\/p>\n<p>It remains unclear how many water utilities are affected by the Cyber Av3ngers campaign. As U.S. investigators continue to probe the incident, a government official familiar with the matter said that they believe the number of affected facilities are in the single digits, a figure <a href=\"https:\/\/www.politico.com\/news\/2023\/11\/28\/federal-government-investigating-multiple-hacks-of-us-water-utilities-00128977\">first reported by Politico<\/a>. <\/p>\n<p>On Tuesday, Pennsylvania lawmakers <a href=\"https:\/\/deluzio.house.gov\/sites\/evo-subsites\/deluzio.house.gov\/files\/evo-media-document\/112823-delegation-letter-to-doj-on-aliquippa-water-authority.pdf\">wrote to Attorney General Merrick Garland<\/a>, urging a federal investigation into the attack against the water facility.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cAny attack on our nation\u2019s critical infrastructure is unacceptable. If a hack like this can happen here in Western Pennsylvania, it can happen elsewhere in the United States,\u201d said Sens. Bob Casey, D-Pa. and John Fetterman, D-Pa., and Rep. Chris Deluzio, D-Pa. \u201cFolks in Pennsylvania and across the country deserve peace of mind that basic infrastructure such as their drinking water is safe from nation-state adversaries and terrorist organizations.\u201d<\/p>\n<p>Amid fighting in Gaza in the aftermath of the Oct. 7 attack by Hamas, the Cyber Av3ngers have declared all Israeli targets to be fair game. That\u2019s opened up clients of Unitronics to attack, even if the operations so far have had minimal impact. Among the reported victims are a brewery in Pittsburgh, an aquarium, and four water facilities, <a href=\"https:\/\/beavercountian.com\/content\/special-coverage\/cyber-army-promises-more-attacks-as-fbi-ny-takes-aliquippa-case\">according to a local media report<\/a>.<\/p>\n<p>The Pennsylvania water facility switched to manual operations, and the Pittsburgh brewery called external support. Both continue to provide clean water and brews, respectively, to their customers.<\/p>\n<figure class=\"wp-block-embed is-type-rich is-provider-twitter wp-block-embed-twitter\"><\/figure>\n<p>On Wednesday, the Cybersecurity and Infrastructure Security Agency warned about the campaign targeting Unitronics and urged critical infrastructure owners and operators to take basic security precautions, such as removing devices from the open internet and changing default ports and passwords \u2014 \u201c1111\u201d in the case of Unitronics.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>The alert noted that the Pennsylvania water facility had poor security practices that led to the breach.<\/p>\n<p>CISA has <a href=\"https:\/\/www.cisa.gov\/news-events\/cybersecurity-advisories\/aa20-205a\">long campaigned<\/a> for operational technology to be taken offline if possible. A 2020 CISA alert highlighted a cyberattack on an <a href=\"https:\/\/cyberscoop.com\/israel-cyberattacks-water-iran-yigal-unna\/\">Israeli water facility<\/a> that was carried out by exploiting internet-connected industrial equipment.<\/p>\n<p>A search on Shodan, a website that tracks devices online, shows that there are 285 devices of the type targeted by the Cyber Av3ngers in Pennsylvania that are connected to the internet globally. Of those, 30 are in the United States. All 285 devices use the default port exploited by the hacking group.<\/p>\n<p>To be sure, Shodan searches are by their nature imprecise, with frequent changes in the number of internet-connected devices. <\/p>\n<p>According to CISA, the group is targeting multiple types of Unitronics devices. Globally, there are approximately 1,800 Unitronics PLCs that face the internet, according to a <a href=\"https:\/\/s1.ai\/Av3ngers\">SentinelOne report<\/a> released Thursday. Of the Unitronics devices targeted at the Pittsburgh brewery, a Shodan search reveals 67 devices in the United States and 234 globally that are connected to the internet. <\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\">\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p> <!-- .popular-stories__stories --> <\/div>\n<p><!-- .popular-stories__inner -->\n<\/div>\n<p><!-- .popular-stories --> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p> <!-- Start of HubSpot Embed Code --> <!-- End of HubSpot Embed Code --> <\/body> <a href=\"https:\/\/cyberscoop.com\/cyber-av3ngers-israel-iran\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Anti-Israel hacking campaign highlights danger of internet-connected devices | CyberScoop<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[452,513,1240,514,288,1066],"tags":[454,517,1242,518,294,1067],"class_list":["post-2122","post","type-post","status-publish","format-standard","hentry","category-cybersecurity-and-infrastructure-security-agency-cisa","category-iran","category-irgc","category-israel","category-threats","category-water-sector","tag-cybersecurity-and-infrastructure-security-agency-cisa","tag-iran","tag-irgc","tag-israel","tag-threats","tag-water-sector"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity-and-infrastructure-security-agency-cisa\/\" rel=\"category tag\">Cybersecurity and Infrastructure Security Agency (CISA)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/iran\/\" rel=\"category tag\">Iran<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/irgc\/\" rel=\"category tag\">IRGC<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/israel\/\" rel=\"category tag\">Israel<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/threats\/\" rel=\"category tag\">Threats<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/water-sector\/\" rel=\"category tag\">water sector<\/a>","tag_info":"water sector","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/2122","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=2122"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/2122\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=2122"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=2122"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=2122"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}