Iran-Labeled Hackers Conduct PLC-Based Cyberattacks on US Critical Infrastructure


Critical Infrastructure Disrupted by Iran-Linked Hackers Through PLC Attacks

The United States’ critical infrastructure sectors have recently faced disruptions due to cyberattacks attributed to Iranian-linked threat actors.

Facts and Analysis

According to a joint advisory issued by federal agencies, the attacks have impacted operational technology (OT) devices, specifically programmable logic controllers (PLCs).

These devices, primarily manufactured by Rockwell Automation/Allen-Bradley, are widely used across sectors including government services, water and wastewater systems, and energy.

Iranian-Linked Threat Actors

The Iranian-linked threat actors, whose activity resembles that of the CyberAv3ngers group, have exploited vulnerabilities in PLCs to disrupt operations and manipulate the data shown on human-machine interface (HMI) and supervisory control and data acquisition (SCADA) displays.

This activity is consistent with previous operations attributed to Iranian-linked groups, which have targeted industrial control systems (ICS) at water utilities in the United States and Ireland, leaving individuals without access to essential services.


Mitigation Measures

Federal agencies warn that these attacks demonstrate a clear escalation of Iranian-linked operations and urge organizations to assume they may be targeted.

They recommend reviewing tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) provided in the advisory to identify potential signs of compromise on their networks.

Organizations are advised to apply mitigation measures to reduce the risk of compromise, as outlined in the advisory.

Recent Incidents

The CyberAv3ngers group, linked to Iran’s Islamic Revolutionary Guard Corps (IRGC), has been involved in significant attacks on the water sector, including the disruption of a water utility in Ireland and another in Pennsylvania.

Additionally, the group has used popular chatbots like OpenAI’s ChatGPT to plan and execute ICS attacks.

Indicators of Compromise (IOCs)

  • AA26-097A STIX XML
  • AA26-097A STIX JSON

These IOCs are provided by the federal agencies to aid in identifying and mitigating potential compromises. Organizations should carefully review these indicators and implement appropriate countermeasures to protect their networks and systems.

Conclusion

This situation highlights the increasing threat posed by Iranian-linked threat actors to the United States’ critical infrastructure sectors. Organizations should remain vigilant and proactive in addressing potential security risks.
