December 2, 2023

IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including U.S. Water and Wastewater Systems Facilities

December 2, 2023

What we know so far

The joint Cybersecurity Advisory issued by the FBI, CISA, NSA, EPA, and INCD warns of ongoing cyber attacks by Iranian IRGC-affiliated actors, using the persona "CyberAv3ngers," against operational technology devices, particularly Israeli-made Unitronics Vision Series PLCs utilized in various industries including water, energy, and healthcare. These attacks, which have been ongoing since at least November 22, 2023, involve compromising devices and leaving defacement messages. The advisory, which follows a CISA Alert, aims to share indicators of compromise and tactics used by these actors and urges organizations, especially in critical infrastructure, to apply recommended mitigations to reduce the risk of compromise.

Arrow Right

Schedule a test

Subscribe to advisory alerts

Be immediately notified of new advisories and associated security tests

More advisories