The Cybersecurity and Infrastructure Security Agency issued an alert on Dec. 1 warning the public about malicious actors currently exploiting Israeli-made programmable logic controllers used in a variety of industries, including the water and wastewater systems of the U.S.
Cyber actors affiliated with the Iranian Government Islamic Revolutionary Guard Corps using the persona “CyberAv3ngers” have been found to be targeting internet-facing Unitronics Vision Series PLCs whose default passwords have not been changed, CISA said Friday.
Exploits have been ongoing since at least Nov. 22, according to the joint cybersecurity advisory that CISA, the FBI, the National Security Agency, the Environmental Protection Agency and the Israel National Cyber Directorate disseminated alongside the alert.
Unitronics users from multiple U.S. states have been victimized.
CISA is calling on organizations to review the joint CSA and implement its recommendations, which include replacing default PLC passwords with strong ones, implementing multi-factor authentication and setting up firewalls or virtual networks to control access to the PLCs.
