Two-day water outage in remote Irish region caused by pro-Iran hackers

Residents of a remote area on Ireland’s west coast were left without water last week due to a cyberattack perpetrated by a pro-Iran hacking group targeting a piece of equipment the hackers complained was made in Israel.

The incident affected a private group water scheme in the rural Erris area of County Mayo, which has a total population of around 8,000 people spread out over just under 1,000 square kilometers — about 0.5% of the population of Manhattan in an area 20 times its size.

“The attack saw outages for approximately 160 households over two days, and was as a result of the exploitation of a vulnerability in a particular type of programmable logic controller,” a spokesperson for Ireland’s Department of the Environment, Climate and Communications (DECC) told Recorded Future News on Monday.

The spokesperson added: “This exploitation was carried out on a global basis, and there is no suggestion that services in Ireland were specifically targeted. The NCSC [National Cyber Security Centre] and An Garda Síochána are engaging with the affected entity.”

The incident appears to be the latest perpetrated by the Cyber Av3ngers group, which local media reported had left a message on the affected computer network saying the attack had been carried out because the water system used the Israel-made Unitronics tool.

The Irish government said that the country’s NCSC has now “identified all of the equipment in Ireland vulnerable to this attack, and notified the owners.”

Last month, the U.S. federal government warned that it was responding to the active exploitation of Unitronics programmable logic controllers (PLCs) that are used by many organizations in the water sector.

The same PLCs are likely in use in other industries, including energy, food and beverage manufacturing, and healthcare. The devices are often exposed to the internet due to the remote nature of their control and monitoring functionalities, authorities and cybersecurity researchers have said.

Among those affected in the U.S. was the Municipal Water Authority of Aliquippa — which serves thousands of customers in communities northwest of Pittsburgh — although in that instance there was no loss of water service.

The attacks followed just a month after Republican lawmakers and water industry companies forced the U.S. Environmental Protection Agency (EPA) to back off efforts to add cybersecurity to annual state-led Sanitary Survey Programs that evaluate water systems across the U.S.

Lawsuits against the rules were backed by two powerful industry groups — the American Water Works Association and the National Rural Water Association — which argued that the EPA should allow utilities to create their own requirements.

On Monday, the U.S. Cybersecurity and Infrastructure Security Agency added the Unitronics bug to its Known Exploited Vulnerabilities catalog, assigning it CVE-2023-6448.

The advisory warned that “Unitronics Vision Series PLCs and HMIs [Human Machine Interfaces] use default administrative passwords.”

“An unauthenticated attacker with network access to a PLC or HMI can take administrative control of the system,” the agency said.


Alexander Martin is the UK Editor for Recorded Future News. He was previously a technology reporter for Sky News and is also a fellow at the European Cyber Conflict Research Initiative.

 
