Iranian Hackers Attack US Water Supplies

Uploaded on 2024-04-15 in NEWS-Cybersecurity News, INTELLIGENCE-Hot Spots-Iran, FREE TO VIEW, BUSINESS-Production-Utilities, TECHNOLOGY--Hackers

A White House national security official has said recent cyber attacks by Iranian hackers on US water authorities should be seen as a call to action by utilities and industry to tighten cyber security.

Now, the US government is warning state governors that Iranian hackers are carrying out disruptive cyber attacks against water and sewage systems throughout the country, as a result if rising tensions in the Middle East.

The US national security adviser Jake Sullivan, has warned state governors and asked them to be  alert for potential cyber attacks on States critical infrastructure systems. The warning letter which was released last month was co-authored by Michael Regan, the head of the US Environmental Protection Agency. 

This warning comes after Islamic Revolutionary Guard Corps (IRGC), were attributed responsibility for cyber attacks against critical US infrastructure, including drinking water systems. The IRGC affiliated hackers were able to target and disable a common type of operational technology used at water facilities where the facility had neglected to change a default manufacturer password.

Sullivan and Regan refer to ongoing threats from hackers linked to the governments of Iran and China and warned hackers associated with both states have previously attacked water systems. Their intention is to warn to organisations operating critical utilities and that in many cases their facilities lack the personnel and technical resources to address the threat or implement robust cyber security mechanisms.  

The US has imposed sanctions on six officials in IRGC, which it says are responsible for the cyber-attacks on American water plants in 2023. Hackers related to the Iranian regime attacked Israeli-made digital controls in the water industries in the US last November, affecting several states without affecting water supply.

Water facilities in the US have long been an easy target for cyber attacks due to the critical underfunding, low staffing levels, and a general lack of cyber security. 

The US Government has previously said that the burden of responsibility for cyber security should be shifted onto private enterprises, that are best positioned to reduce the risks for small businesses and public institutions.

Telegraph     |     BBC     |     Oodaloop     |     CBS News     |     Iran International   | Reuters     |     Tech Radar    |

 Bloomberg    |      Image: Dan Meyers

 

You Might Also Read:

Attack On Israel’s Water Systems:

DIRECTORY OF SUPPLIERS - Critical Infrastructure Security:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« British Businesses Must Do More To Protect Themselves
Controlling The Use Of Cyber Weapons »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

mile2

mile2

Mile2 develop and deliver proprietary vendor neutral professional certifications for the cyber security industry.

Prevalent

Prevalent

Prevalent takes the pain out of third-party risk management. Companies use our services to eliminate the security and compliance exposures that come from working with vendors and suppliers.

ThirdWatch

ThirdWatch

ThirdWatch is a Data Science company with real-time automated fraud prevention solutions.

Mosaic 451

Mosaic 451

Mosaic451 is a bespoke IT managed services provider and consultancy specializing in information security, operations and design.

Practical Assurance

Practical Assurance

Practical Assurance helps companies navigate the rough terrain of information security compliance.

Intellias

Intellias

Intellias is a trusted technology partner to top-tier organizations and digital natives helping them accelerate their pace of sustainable digitalization.

Mitiga

Mitiga

Mitiga uniquily combines the top cybersecurity minds in Incident Readiness and Response with a cloud-based platform for cloud and hybrid environments.

GajShield

GajShield

GajShield Infotech provides Data Security Firewall solutions to Corporate’s and Government agencies.

Onwardly

Onwardly

For everyday folks tasked with implementing security and privacy. Do it faster with Onwardly - build, launch and scale your cyber resilience program in 30 minutes per week.

Cyber Security Global

Cyber Security Global

Cyber Security Global is a leader in electronic security, consultancy, technology, cybersecurity solutions, training, and specialized products.

AI Security Institute (AISI)

AI Security Institute (AISI)

The AI Security Institute’s mission is to minimise surprise to the UK and humanity from rapid and unexpected advances in AI.

Anch.AI

Anch.AI

Anch.AI is an Ethical AI Governance platform that helps you comply with EU regulations and avoid risks and penalties when developing and using AI as part of your business.

Fraud.net

Fraud.net

Fraud.net operates the first end-to-end fraud management and revenue enhancement ecosystem specifically built for digital enterprises and fintechs globally.

Cyber Guards

Cyber Guards

Cyber Guards provide comprehensive, turn-key cyber security programs for small and mid-size business for about the cost of one full-time cybersecurity hire.

StackGen

StackGen

StackGen (formerly appCD) automatically generates Infrastructure from Code (IfC) based on application code with golden standards applied.

Cyber Castle

Cyber Castle

Linux Demands Sophisticated, Purpose-Built Security. Cyber Castle is the solution. A safe, deployable platform down to the edge device for monitoring Linux security anywhere across the globe.