Breaches by Iran-affiliated hackers spanned multiple US states, federal agencies say

This photo provided by the Municipal Water Authority of Aliquippa shows the screen of a Unitronics device that was hacked in Aliquippa, Pa., on Saturday, Nov. 25, 2023. (AP)
Updated 03 December 2023

  • Since the beginning of the Israel-Hamas war, the group has expanded and accelerated targeting Israeli critical infrastructure, said Check Point’s Sergey Shykevich

HARRISBURG, Pennsylvania: A small western Pennsylvania water authority was just one of multiple organizations breached in the United States by Iran-affiliated hackers who targeted a specific industrial control device because it is Israeli-made, US and Israeli authorities say.
“The victims span multiple US states,” the FBI, the Environmental Protection Agency, the Cybersecurity and Infrastructure Security Agency, known as CISA, as well as Israel’s National Cyber Directorate said in an advisory emailed to The Associated Press late Friday.
They did not say how many organizations were hacked or otherwise describe them.
Matthew Mottes, the chairman of the Municipal Water Authority of Aliquippa, which discovered it had been hacked on Nov. 25, said Thursday that federal officials had told him the same group also breached four other utilities and an aquarium.
Cybersecurity experts say that while there is no evidence of Iranian involvement in the Oct. 7 attack into Israel by Hamas that triggered the war in Gaza, they expected state-backed Iranian hackers and pro-Palestinian hacktivists to step up cyberattacks on Israel and its allies in its aftermath. And indeed that has happened.
The multiagency advisory explained what CISA had not when it confirmed the Pennsylvania hack on Wednesday — that other industries outside water and water-treatment facilities use the same equipment — Vision Series programmable logic controllers made by Unitronics — and were also potentially vulnerable.
Those industries include “energy, food and beverage manufacturing and health care,” the advisory says. The devices regulate processes including pressure, temperature and fluid flow.
The Aliquippa hack prompted workers to temporarily halt pumping in a remote station that regulates water pressure for two nearby towns, leading crews to switch to manual operation. The hackers left a digital calling card on the compromised device saying all Israeli-made equipment is “a legal target.”
The multiagency advisory said it was not known if the hackers had tried to penetrate deeper into breached networks. The access they did get enabled “more profound cyber physical effects on processes and equipment,” it said.
The advisory says the hackers, who call themselves “Cyber Av3ngers,” are affiliated with Iran’s Islamic Revolutionary Guards Corps, which the US designated as a foreign terrorist organization in 2019. The group has targeted the Unitronics devices since at least Nov. 22, it said.
An online search Saturday with the Shodan service identified more than 200 such Internet-connected devices in the US and more than 1,700 globally.
The advisory notes that Unitronics devices ship with a default password, a practice experts discourage as it makes them more vulnerable to hacking. Best practices call for devices to require a unique password to be created out of the box. It says the hackers likely accessed affected devices by “exploiting cybersecurity weaknesses, including poor password security and exposure to the Internet.”
Experts say many water utilities have paid insufficient attention to cybersecurity.
In response to the Aliquippa hack, three Pennsylvania congressmen asked the US Justice Department in a letter to investigate. Americans must know their drinking water and other basic infrastructure is safe from “nation-state adversaries and terrorist organizations,” US Sens. John Fetterman and Bob Casey and US Rep. Chris Deluzio said. Cyber Av3ngers claimed in an Oct. 30 social media post to have hacked 10 water treatment stations in Israel, though it is not clear if they shut down any equipment.
Since the beginning of the Israel-Hamas war, the group has expanded and accelerated targeting Israeli critical infrastructure, said Check Point’s Sergey Shykevich. Iran and Israel were engaged in low-level cyberconflict prior to Oct. 7. Unitronics has not responded to AP queries about the hacks.
The attack came less than a month after a federal appeals court decision prompted the EPA to rescind a rule that would have obliged US public water systems to include cybersecurity testing in their regular federally mandated audits. The rollback was triggered by a federal appeals court decision in a case brought by Missouri, Arkansas and Iowa, and joined by a water utility trade group.
The Biden administration has been trying to shore up cybersecurity of critical infrastructure — more than 80 percent of which is privately owned — and has imposed regulations on sectors including electric utilities, gas pipelines and nuclear facilities. But many experts complain that too many vital industries are permitted to self-regulate.

 


Ukraine military destroys Russian surveillance plane — air force commander


KYIV: Ukraine’s military on Friday destroyed a Russian A-50 surveillance aircraft, Air Force Commander Mykola Oleshchuk said, the second time in a little more than a month that Ukraine has reported downing the sophisticated plane.
“The A-50 with the call sign ‘Bayan’ has flown its last!” Oleshchuk wrote on the Telegram messaging app.
Interfax Ukraine news agency quoted military sources as saying the A-50 was downed over Russian territory, between the cities of Rostov-on-Don and Krasnodar. The operation was carried out, it said, by the air force and the intelligence directorate.
Russian news agencies quoted emergency services in southern Krasnodar region as saying that fragments of an aircraft were found in marshland in Kanevskoy district and firefighters extinguished a blaze.
The report made no reference to the A-50.
Ukraine’s military in January said its air force destroyed a Russian Beriev A-50 surveillance plane and an Ilyushin Il-22 airborne command post in the Sea of Azov.
The A-50, which first came into service near the end of the Soviet era, is a large airborne early warning and control aircraft that can scan several hundred kilometers for enemy aircraft, ships and missiles.
Kyrylo Budanov, head of Ukraine’s military intelligence directorate, told the Financial Times a month ago that Russia had eight A-50s at that time.

Spanish politician shot in Madrid points finger at Iran

Updated 23 February 2024

  • Alejo Vidal-Quadras was shot in the face in broad daylight near his home in the upscale Salamanca neighbourhood on November 9 by a motorcycle passenger
  • "I have no doubt that it was the Iranian regime," the 78-year-old, who was European Parliament vice-president between 2009 and 2014, told a news conference

MADRID: A right-wing Spanish politician who was shot in November in Madrid on Friday accused Iran of being behind his attempted murder during his first public appearance since the attack.
Alejo Vidal-Quadras, a founder of Spain's far-right Vox party and former head of its centre-right People's Party in Catalonia who has long supported Iran's opposition movement, was shot in the face in broad daylight near his home in the upscale Salamanca neighbourhood on November 9 by a motorcycle passenger.
"I have no doubt that it was the Iranian regime," the 78-year-old, who was European Parliament vice-president between 2009 and 2014, told a news conference in the Spanish capital.
Tehran has "a long tradition, a track record, of extraterritorial terrorist activities" against "dissidents and against foreigners who support them," he added, without offering any proof to back up his claim.
Four people have been arrested as part of the investigation into the shooting, but the suspected gunman -- a French national of Tunisian origin with several previous convictions in France -- remains at large.
Police have not commented on a possible motive for the shooting.
Vidal-Quadras, who already pointed the finger at Iran when he was questioned by police after the shooting, said it was a "miracle" that he survived.
"I made a movement of my head that meant that the shot, which was supposed to be fatal, was not," he said.
The bullet entered one side of his jaw and exited the other, and Vidal-Quadras spent time in hospital recovering from a jaw fracture.
"The detonation sounded like a thunderclap in my head, in fact I have a perforated eardrum, and I started bleeding, it caused a puddle on the floor," he said.
Vidal-Quadras said he believes the quick intervention of a passer-by, who stopped the bleeding with a piece of clothing, saved his life.
He said he has suffered from after-effects since the shooting, including "some paralysis of the facial muscles".
Vidal-Quadras, a top member of the International Committee in Search of Justice which supports the "Iranian resistance", has long called for the international community to harden its position towards Iran.


Five migrants die as boat capsizes during rescue off Malta

Updated 23 February 2024

  • Some 21 migrants were rescued and taken to a migrant center
  • They are believed to be from Syria, Eritrea, Ethiopia and Egypt

VALLETTA, Malta: Five migrants, including a woman, died when their boat capsized as they were being rescued off Malta on Friday, the island’s armed forces said.
Another eight were injured and taken to hospital, including two who swallowed a considerable amount of seawater and fuel.
Armed Forces of Malta deputy commander Col. Edric Zahra told reporters that the incident happened at about midday when the eight-meter (26-ft) boat was four miles (6.5 km) south of Malta.
Some 21 migrants were rescued and taken to a migrant center. They are believed to be from Syria, Eritrea, Ethiopia and Egypt.
Mediterranean sea crossings from North Africa to Italy or Malta are among the most dangerous migration routes in the world. Last year almost 2,500 migrants died or went missing on those routes, the International Organization for Migration says.
The vast majority of migrants head for Italy. Malta’s armed forces rescued 380 migrants at sea last year, Home Affairs Minister Byron Camilleri said in parliament in January.


Russia says its forces push further west after taking Ukraine’s Avdiivka

Updated 23 February 2024

  • Russian forces had also destroyed a number of Western-provided Ukrainian weapons
  • The frontlines in the war had not shifted substantially since late 2022 before the taking of Avdiivka

MOSCOW: Russian forces have advanced further to the west after taking control of the Ukrainian town of Avdiivka, the defense ministry said on Friday.
It said Russian forces had also destroyed a number of Western-provided Ukrainian weapons in the past week including seven British-supplied Storm Shadow cruise missiles, a US Patriot anti-aircraft guided missile and launch vehicle, and 42 HIMARS rockets fired by multiple launch systems.
Reuters could not independently verify battlefield reports.
The frontlines in the war, which started two years ago on Saturday, had not shifted substantially since late 2022 before the taking of Avdiivka, and Russia still controls just under a fifth of Ukrainian territory.
The capture of Avdiivka, following months of fighting with heavy casualties on both sides, was Russia’s first significant gain since taking the city of Bakhmut last May.
After taking Avdiivka, units of the “Center” group of Russian forces “continued advancing in a westerly direction,” the defense ministry statement said.
“In cooperation with aviation and artillery, they defeated accumulations of manpower and equipment of the Ukrainian Armed Forces” in six nearby settlements, it said.


UK, EU border agency sign migration pact

Updated 23 February 2024

  • Friday’s agreement provides for the exchange of intelligence between Frontex and the UK Border Force
  • It also agrees to collaborate on the development of new technologies, such as the use of drones to protect borders, the Home Office added

LONDON: The United Kingdom on Friday signed an agreement with the EU border agency Frontex to jointly crack down on irregular immigration, the government in London said.
Conservative Prime Minister Rishi Sunak has made stopping migrants from crossing the Channel on boats from France a priority before a general election due this year.
Friday’s agreement provides for the exchange of intelligence between Frontex and the UK Border Force to help disrupt people-smuggling gangs, Britain’s interior ministry said in a statement.
It also agrees to collaborate on the development of new technologies, such as the use of drones to protect borders, the Home Office added.
UK Border Force director general Phil Douglas and Frontex executive director Hans Leijtens signed the arrangement in London, witnessed by UK interior minister James Cleverly and the European Commissioner for Home Affairs Ylva Johansson.
“Organized immigration crime and people smuggling are global challenges that require shared solutions and ambitions,” Cleverly said.
“Our landmark working arrangement between the UK and Frontex is another crucial step in tackling illegal migration, securing our borders and stopping the boats.”
The UK government says the number of migrants arriving on England’s south coast in rudimentary vessels fell by a third last year from a record high of 45,000 migrants in 2022.
The UK government called the deal “the latest step” in its “plan to tackle illegal migration and criminal gangs,” with the issue set to feature prominently in the general election campaign.