Iranian hacker group CyberAv3ngers allegedly breach Municipal Water Authority of Aliquippa

The Municipal Water Authority of Aliquippa confirmed on Saturday that one of their booster stations had fallen victim to a cyber attack orchestrated by an Iranian-backed cyber group. The CyberAv3ngers hackers managed to gain control over the station, which is situated on the outskirts of the town. This particular station is responsible for monitoring and regulating pressure for Raccoon and Potter Townships. As a result of the breach, an alarm was triggered immediately.

Matthew Mottes, chairman of the board of directors for the Municipal Water Authority of Aliquippa, confirmed to KDKA-TV that the cyber group, known as CyberAv3ngers, took control of one of the stations. He stressed that there is no known risk to the drinking water or water supply.

The machine that was hacked uses a system called Unitronics, which Mottes says is software or has components that are Israeli-owned. 

For now, the system has been disabled, and members of the Pennsylvania State Police were called to the booster station on Saturday to begin a criminal investigation.

“I am closely monitoring this cyberattack on the Municipal Water Authority of Aliquippa. My office is in touch with leadership, which reports that there has been no loss of water service for folks,” Congressman Chris Deluzio, wrote in an X, formerly Twitter, message. “I intend to push for a full investigation here and accountability for the attackers, and I will continue the important bipartisan work on the House Armed Services Cyber, Information Technologies, and Innovation (CITI) Subcommittee to shore up America’s defenses,” he added. 

Known for targeting the critical infrastructure sector, the CyberAv3ngers group has recently claimed responsibility for a series of cyberattacks on Supervisory Control And Data Acquisition (SCADA) systems used in water treatment facilities, oil and gas stations, and electricity infrastructure. These attacks have been reported to have affected multiple locations globally, with 10 water treatment stations in Israel being targeted as of October 30, 2023.

“We (Cyber Av3ngers) have infiltrated to 10 Water treatment stations located in Hedera, Palmachim, Sorek, Ashkelon, Haifa, Chorazim, Kfar Haruv, Taberiye, Eilat and Daniyal,” the group wrote in their October X message.

Before the water treatment hack, the hackers said that they “hacked ORPAK Systems which is the provider of lots of gas stations across Israel.” They also claimed to have struck the country’s electricity infrastructure. 

In July, the Iranian hacktivist group known as ‘Cyber Avengers’ or ‘CyberAv3ngers’ claimed to have successfully breached BAZAN’s network. The group also released screenshots that appeared to be from BAZAN’s SCADA systems, which are software applications used for monitoring and operating industrial control systems.

Cyberattacks on critical infrastructure involve targeting systems that are vital for the functioning of a nation, including power grids, transportation networks, and water supply systems. By incapacitating these systems, adversaries can cause widespread chaos and severely hinder a nation’s ability to respond to emergencies.

The ongoing Israel-Hamas war has seen instances of cyber warfare. In one instance, a coordinated cyber attack occurred on October 6th at 7:20 pm. The pro-Iranian hacktivist group, Cyber Av3ngers, launched a DDoS attack against the electricity industry Independent System Operator, Noga. They later posted a screenshot of the website being unreachable, claiming responsibility for the attack. 

The hybrid warfare continued on October 7th at 7:30 am. Anonymous Sudan, a group of religiously and politically motivated hacktivists, launched DDoS attacks against the Red Color and AnonGhost hacktivist group. They spammed false missile alerts through exposed vulnerable APIs.

Anna Ribeiro

Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.