Inside the Cyber Av3ngers Global PLC Hack

/in


There is perhaps no organization that better embodies the true spirit of a villain like the hacktivist group. Ripped from the pages of a graphic novel, these organizations are as altruistic in the motives as they are ruthless in getting results. Fueled by an unwavering belief in a cause that they know is right, these groups are bold, intelligent and dangerous. 

One such case is a group that goes by the name of the Cyber Av3ngers. The Iran-affiliated group has been vehement in their anti-Israel stance, using social media to propagate a narrative that the social and economic issues of the region are the result of corrupt and over-zealous military action by Israel. 

The group first registered on the cybersecurity radar in September of last year, taking credit for attacks against Israeli infrastructure and tech companies that were widely disputed. However, in November a municipal water authority in Pennsylvania revealed that they had been the victim of a Cyber Av3ngers attack that compromised OT assets by accessing the organization’s programmable logic controllers. 

The attack was made possible by exploiting poor password protocols and unsecure internet connections. According to several reports, including the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Cyber Av3ngers utilized basic techniques to scan the internet, identify the devices made by Israel-based Unitronics, and then log in using default credentials that were never changed during implementation.

For those unfamiliar with PLCs, these devices are used help control and monitor various production processes, and can include regulating the functionality of instrumentation and automation equipment. By obtaining access to the PLC, a hacker has a way into the industrial control system and, depending on the level of segmented cyber defense, potentially unlimited control of the production facility or enterprise. It’s a gateway into critical OT systems. 

In this instance, the group could have turned pumps on or off to control water supply, or infiltrated key operational systems that impact water treatment. Fortunately, the utility in question was able to identify the attack quickly…

Source…