CISA: CISA and Partners Release Joint Advisory on IRGC-Affiliated Cyber Actors Exploiting PLCs

cisa logo 002

CISA and Partners Release Joint Advisory on IRGC-Affiliated Cyber Actors Exploiting PLCs


Today, CISA, the Federal Bureau of Investigation (FBI), National Security Agency (NSA), Environmental Protection Agency (EPA), and the Israel National Cyber Directorate (INCD) released a joint Cybersecurity Advisory (CSA) IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors in response to the active exploitation of Unitronics programmable logic controllers (PLCs) in multiple sectors, including U.S. Water and Wastewater Systems (WWS) facilities, by Iranian Government Islamic Revolutionary Guard Corps (IRGC)-affiliated advanced persistent threat (APT) cyber actors. 

IRGC-affiliated cyber actors using the persona “CyberAv3ngers” are actively targeting and compromising Israeli-made Unitronics Vision Series PLCs that are publicly exposed to the internet, through the use of default passwords. The PLCs may be rebranded and appear as different manufacturers and company names. 

All organizations, including U.S. Water and Wastewater Systems Facilities, are encouraged to review this joint CSA and implement the recommended actions and mitigations. The mitigations are based on threat actor activity against Unitronics PLCs but apply to all internet-facing PLCs.

 


A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below

 To keep up to date follow us on the below channels.