Cyber Threat Report: 'IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including U.S. Water and Wastewater Systems Facilities'
Report Author | CISA |
---|---|
Publication Date | 2023-12-01 |
Original Reporting | Source |
Attributed to Nation | Iran |
Related Intrusion Sets | CyberAv3ngers |
Related Threat Actors | Islamic Revolutionary Guard Corps (IRGC) |
Identified CVEs | CVE-2023-6448 |
Victim Sectors | Water |
This advisory from CISA and partners describes activity by IRGC-affiliated cyber actors "CyberAv3ngers". According to the advisory, the CyberAv3ngers have been observed exploiting Unitronics Vision Series PLCs in multiple sectors, including U.S. water and wastewater systems. To defend against this threat, the advisory recommends implementing multifactor authentication, using strong passwords, and checking PLCs for default passwords to mitigate malicious activity. The advisory includes technical details like IOCs and TTPs associated with the group, and references to the MITRE ATT&CK framework for further guidance.
Mitigations to defend against the techniques in this report

Account Use Policies
Configure features related to account use, such as login attempt lockouts and specific login times.

User Account Management
Manage the creation, modification, use, and permissions associated with user accounts.

Password Policies
Set and enforce secure password policies for accounts.

Multi-factor Authentication
Use two or more pieces of evidence to authenticate to a system, such as a username and password in addition to a token from a physical smart card or token generator.

Identified MITRE ATT&CK Techniques
ATT&CK ID | Title | Associated Tactics |
---|---|---|
T1110 | Brute Force | Credential Access |