Iranian hackers are targeting US energy and water sectors, federal agencies warn - Politico

Programmable logic controllers developed by software manufacturer Rockwell Automation/Allen-Bradley are actively being exploited, and PLCs from other companies are potentially being targeted as well, according to the advisory. The agencies advised all U.S. organizations to remove the control software from direct internet exposure and check available logs for “suspicious traffic.” If an organization uses Rockwell Automation devices, the agencies recommend contacting the company if the organization may have been targeted. The advisory does not specify which Iranian hacking group is behind the attacks, only noting that “Iranian-affiliated advanced persistent threat actors” were targeting U.S. critical infrastructure organizations with the intent to “cause disruptive effects.” The agencies noted that the attacks bear a resemblance to cyberattacks in 2023 carried out by the Iranian hacking group CyberAv3ngers. The group, affiliated with Iran’s Islamic Revolutionary Guard Corps, hacked into and defaced Israeli-made digital control panels at multiple U.S. water treatment facilities in Pennsylvania. These incidents occurred shortly after the Oct. 7, 2023, attack on Israel by Hamas militants and after subsequent strikes by Israeli forces in the Gaza Strip. The advisory noted that the attacks were likely due to the ongoing U.S.-Israeli war on Iran, stating that “Iranian-affiliated APT targeting campaigns against U.S. organizations have recently escalated, likely in response to hostilities.” Kimberly Mielcarek — vice president of the North American Electric Reliability Corporation, which runs the Electricity Information Sharing and Analysis Center — said on Tuesday that the organization sent an “all-points bulletin” to energy sector members about the threat, encouraging “industry vigilance.” “Our Watch Operations team is actively monitoring the grid, while we continue to coordinate closely with the Department of Energy, the Electricity Subsector Coordinating Council, and our federal and provincial partners,” Mielcarek said. One industry source with knowledge of the incidents, granted anonymity to discuss non-public details, said the companies had been given a heads-up by two federal agencies in advance of the advisory going out. They noted the Department of Energy was involved in responding to the breaches. “Protecting America’s critical energy infrastructure is a top priority for the U.S. Department of Energy,” a spokesperson for DOE told POLITICO in a statement, adding that the department worked closely with the other federal agencies on “critical recommendations to U.S. organizations on how to implement specific mitigations to improve their cybersecurity posture against cyber actors.” The exact targets of the attack were not immediately clear. CISA added a major vulnerability in Rockwell industrial control systems to its catalog of known vulnerabilities in early March, an exploit that specifically impacts PLCs. Ed Moreland, vice president of government affairs and corporate communications at Rockwell Automation, said in a statement that the company “takes seriously the security of its products and solutions and has been closely coordinating with government agencies” on the advisory. Acting CISA Director Nick Andersen told reporters last month that CISA had “not seen a rise in threat actor activity” linked to Iran since the war began, but that the agency was working with industry to track the threat. Nuclear rockets, moon bases and NASA’s Mars plan Digital Future Daily How the next wave of technology is upending the global economy and its power structures EMAIL EMPLOYER JOB TITLE By signing up, you acknowledge and agree to our Privacy Policy and Terms of Service. You may unsubscribe at any time by following the directions at the bottom of the email or by contacting us here. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. SIGN UP