Industrial Control Systems Cyber Emergency Response TeamAA23-335AIRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including U.S. Water and Wastewater Systems Facilities
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
92.1%
Actions to take today to mitigate malicious activity:
- Implement multifactor authentication.
- Use strong, unique passwords.
- Check PLCs for default passwords.
References
cwe.mitre.org/data/definitions/798.html
www.fbi.gov/contact-us/field-offices
attack.mitre.org/versions/v14/matrices/enterprise/
attack.mitre.org/versions/v14/techniques/T1110/
cisasurvey.gov1.qualtrics.com/jfe/form/SV_9n4TtB8uttUPaM6?product=https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-335a
downloads.unitronicsplc.com/Sites/plc/Visilogic/Version_Changes-Bug_Reports/VisiLogic%209.9.00%20Version%20changes.pdf
github.com/cisagov/Decider/
github.com/cisagov/Decider/
industrialcyber.co/analysis/digital-battlegrounds-evolving-hybrid-kinetic-warfare/
industrialcyber.co/analysis/digital-battlegrounds-evolving-hybrid-kinetic-warfare/
industrialcyber.co/analysis/digital-battlegrounds-evolving-hybrid-kinetic-warfare/
nvd.nist.gov/vuln/detail/CVE-2023-6448
public.govdelivery.com/accounts/USDHSCISA/subscriber/new?topic_id=USDHSCISA_138
twitter.com/CISAgov
twitter.com/CyberAveng3rs/status/1718970041616543922
twitter.com/CyberAveng3rs/status/1718970041616543922
twitter.com/intent/tweet?text=IRGC-Affiliated%20Cyber%20Actors%20Exploit%20PLCs%20in%20Multiple%20Sectors%2C%20Including%20U.S.%20Water%20and%20Wastewater%20Systems%20Facilities+https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-335a
www.bleepingcomputer.com/news/security/israels-largest-oil-refinery-website-offline-after-ddos-attack/
www.bleepingcomputer.com/news/security/israels-largest-oil-refinery-website-offline-after-ddos-attack/
www.cbsnews.com/pittsburgh/news/municipal-water-authority-of-aliquippa-hacked-iranian-backed-cyber-group/
www.cbsnews.com/pittsburgh/news/municipal-water-authority-of-aliquippa-hacked-iranian-backed-cyber-group/
www.cbsnews.com/pittsburgh/news/municipal-water-authority-of-aliquippa-hacked-iranian-backed-cyber-group/
www.cisa.gov/cross-sector-cybersecurity-performance-goals
www.cisa.gov/cross-sector-cybersecurity-performance-goals
www.cisa.gov/cyber-resource-hub
www.cisa.gov/known-exploited-vulnerabilities-catalog
www.cisa.gov/news-events/alerts/2023/11/28/exploitation-unitronics-plcs-used-water-and-wastewater-systems
www.cisa.gov/news-events/alerts/2023/11/28/exploitation-unitronics-plcs-used-water-and-wastewater-systems
www.cisa.gov/news-events/cybersecurity-advisories/aa23-278a
www.cisa.gov/news-events/cybersecurity-advisories/aa23-278a
www.cisa.gov/news-events/news/best-practices-mitre-attckr-mapping
www.cisa.gov/news-events/news/best-practices-mitre-attckr-mapping
www.cisa.gov/resources-tools/resources/secure-by-design
www.cisa.gov/resources-tools/resources/secure-by-design
www.cisa.gov/securebydesign
www.cisa.gov/securebydesign
www.cisa.gov/topics/cyber-threats-and-advisories/advanced-persistent-threats/iran
www.cisa.gov/topics/cyber-threats-and-advisories/advanced-persistent-threats/iran
www.cisa.gov/topics/cyber-threats-and-advisories/cyber-hygiene-services
www.cisa.gov/water
www.cisa.gov/water
www.darkreading.com/cyberattacks-data-breaches/israeli-oil-refinery-taken-offline-pro-iranian-attackers
www.darkreading.com/cyberattacks-data-breaches/israeli-oil-refinery-taken-offline-pro-iranian-attackers
www.dhs.gov
www.dhs.gov/foia
www.dhs.gov/performance-financial-reports
www.epa.gov/waterresilience/epa-cybersecurity-water-sector
www.facebook.com/CISA
www.facebook.com/sharer/sharer.php?u=https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-335a&title=IRGC-Affiliated%20Cyber%20Actors%20Exploit%20PLCs%20in%20Multiple%20Sectors%2C%20Including%20U.S.%20Water%20and%20Wastewater%20Systems%20Facilities
www.fbi.gov/investigate/counterintelligence/the-iran-threat
www.fbi.gov/investigate/counterintelligence/the-iran-threat
www.ic3.gov/
www.instagram.com/cisagov
www.linkedin.com/company/cybersecurity-and-infrastructure-security-agency
www.linkedin.com/sharing/share-offsite/?url=https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-335a
www.oig.dhs.gov/
www.unitronicsplc.com/cyber_security_vision-samba/
www.unitronicsplc.com/cyber_security_vision-samba/
www.usa.gov/
www.waterisac.org/report-incident
www.whitehouse.gov/
www.youtube.com/@cisagov
mailto:?subject=IRGC-Affiliated%20Cyber%20Actors%20Exploit%20PLCs%20in%20Multiple%20Sectors%2C%20Including%20U.S.%20Water%20and%20Wastewater%20Systems%20Facilities&body=www.cisa.gov/news-events/cybersecurity-advisories/aa23-335a
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
92.1%