2023-12-05

A member of the Red Hacker Alliance in Dongguan, China, in August 2020 monitors cyberattacks around the world. Hacks have increased through the pandemic and the war in Ukraine. Copyright AFP/File Noel Celis

The U.S. federal government is investigating multiple hacks suspected to have been launched by an Iranian government-linked cyber group against U.S. water facilities that were using Israeli-made technology.

Considering this potentially incendiary piece of state-backed espionage for Digital Journal is Alex Heid, VP of Threat Intelligence at SecurityScorecard.

Heid expresses concern over the nature of the attack and the technology that was deployed to cause the security breach. Here Heid recounts: “The recent cyberattack on a municipal water facility in Pennsylvania by the Cyber Av3ngers group marks another concerning escalation in the targeting of critical infrastructure. Open Source Intelligence (OSINT) suggests that this group is likely Iranian state-affiliated, operating under the guise of hacktivism, a pattern consistent with previous campaigns linked to Iran.”

Open-Source Intelligence (OSINT) is defined as intelligence produced by collecting, evaluating and analysing publicly available information with the purpose of answering a specific intelligence question.

Looking at the specifics of the attack in greater detail, Heid notes: “Iranian state-affiliated hacking groups have been known for their involvement in defacements, distributed denial of service (DDoS) attacks, and targeting specific critical infrastructures for over a decade. One notable early example of such activity was the 2013 breach of the Bowman Dam in New York.”

In terms of the significance, Heid finds: “These groups have historically increased their activities during periods of international conflict, such as the current tensions between Israel and Palestine. The technical sophistication of their attacks has been evolving, particularly in exploiting PLC/SCADA systems, often targeting Israeli-designed systems.”

Considering the specific event, Heid finds: “The recent incident at the Pennsylvania Dam is part of a larger pattern of attacks claimed by Cyber Av3ngers. The group’s communications on their Telegram channel suggest an intention to continue, and possibly escalate, their operations. The broader reality is that geopolitical conflicts will always extend into the cyber domain, where the lines between state actors, hacktivists, and private entities are often blurred.”

CyberAv3ngers (also known as CyberAveng3rs or Cyber Avengers) is a cyber persona affiliated with Iran’s Islamic Revolutionary Guard Corps (IRGC) that has claimed responsibility for numerous attacks against critical infrastructure organizations.

As to what to make of these events, and what may come next, Heid observes: “This situation also shines a spotlight on significant cybersecurity challenges within the United States, especially at the local level. Local and municipal governments are often less equipped to defend against sophisticated cyber threats, making them attractive targets for state-sponsored actors.”

In a final assessment of the lessons to be learned, Heid indicates: “As these threats continue to evolve, so does the need for continuous monitoring of the threat landscape, increased vigilance at the perimeter, and preparedness for the eventuality of an incident.”