The U.S. government is investigating multiple attacks on municipal water suppliers that, in one case, is believed to have been orchestrated by an Iranian government-linked hacking group.

The first attack occurred on Friday, Nov. 24, and involved the Municipal Water Authority of Aliquippa in Pennsylvania. A group going by the name of “Cyber Av3ngers” claimed responsibility, with the attack reportedly involving a remote water power station. Local reports suggest there was no threat to water supplies and that the utility switched to manual operation once the hack was detected.

A second attack targeted the North Texas Municipal Water District, a regional water supplier that provides wholesale water, wastewater treatment and solid waste services in northern Texas. In this case, the hacking group Daixin Team claimed responsibility, saying it had stolen data, including names, dates of birth, other personally identifiable information and internal documents.

In the case of the Texas attack, waste and waste treatment services were not interrupted. However, the provider did experience interruptions with its phone service.

Cyber Av3ngers is a known Iranian hacktivist group that has been associated with various cyberattacks, primarily targeting Israeli entities. The group has previously targeted Israeli water control sites, has breached the network of Bazan, an Israeli oil company and has caused power outages in the city of Yavneh in Israel.

According to Politico, the Municipal Water Authority of Aliquippa was using equipment made by Unitronics Corp., an Israeli-owned company. Cyber Av3ngers is also said to have taken over control panels on the water authority’s equipment and left the message “every equipment ‘Made in Israel’ is Cyber Av3ngers legal target.”

On the other hand, the Daixin Team hacking group’s origin is not as clear, but it does have an extensive history of hacking. The Cybersecurity and Infrastructure Agency issued a cybersecurity advisory about Daixin in October 2022, noting that it actively targets U.S. businesses, predominantly in the healthcare and public health sector, with ransomware and data extortion operations. Daixin’s previous attacks have been financially motivated versus having any apparent political motivation.

The Federal Bureau of Investigation, the Department of Homeland Security and CISA are among those agencies looking into the cases.

“The recent escalation in cyber attacks against America’s water utilities is a stark reminder that we need to do a better job protecting infrastructure that is critical to the everyday lives of regular people,” Geoff Mattson, chief executive officer of zero trust identity and access management company Xage Security Inc., told SiliconANGLE. “From foreign adversaries to financially-motivated ransomware gangs, cyber attackers have learned that critical infrastructure is vulnerable due to the use of legacy operational systems that don’t have sufficient native cybersecurity capabilities, and they’re taking full advantage.”

Mattson added that the attacks in Pennsylvania and North Texas “demonstrate that no matter the motive, critical infrastructure is in the crosshairs” and that “regardless of the reasoning, the fact that the adversaries were able to breach their IT and OT systems in the first place is concerning.”

Alex Heid, vice president of threat intelligence at security ratings company SecurityScorecard Inc., warned that the Cyber Av3ngers attack may be just the beginning.

“The recent incident at the Pennsylvania dam is part of a larger pattern of attacks claimed by Cyber Av3ngers,” Heid said. “The group’s communications on their Telegram channel suggest an intention to continue, and possibly escalate, their operations. The broader reality is that geopolitical conflicts will always extend into the cyber domain, where the lines between state actors, hacktivists and private entities are often blurred.”

Image: DALL-E 3