Iranian Hackers Attack US Water Supplies

Uploaded on 2024-04-15 in NEWS-Cybersecurity News, INTELLIGENCE-Hot Spots-Iran, FREE TO VIEW, BUSINESS-Production-Utilities, TECHNOLOGY--Hackers

A White House national security official has said recent cyber attacks by Iranian hackers on US water authorities should be seen as a call to action by utilities and industry to tighten cyber security.

Now, the US government is warning state governors that Iranian hackers are carrying out disruptive cyber attacks against water and sewage systems throughout the country, as a result if rising tensions in the Middle East.

The US national security adviser Jake Sullivan, has warned state governors and asked them to be  alert for potential cyber attacks on States critical infrastructure systems. The warning letter which was released last month was co-authored by Michael Regan, the head of the US Environmental Protection Agency. 

This warning comes after Islamic Revolutionary Guard Corps (IRGC), were attributed responsibility for cyber attacks against critical US infrastructure, including drinking water systems. The IRGC affiliated hackers were able to target and disable a common type of operational technology used at water facilities where the facility had neglected to change a default manufacturer password.

Sullivan and Regan refer to ongoing threats from hackers linked to the governments of Iran and China and warned hackers associated with both states have previously attacked water systems. Their intention is to warn to organisations operating critical utilities and that in many cases their facilities lack the personnel and technical resources to address the threat or implement robust cyber security mechanisms.  

The US has imposed sanctions on six officials in IRGC, which it says are responsible for the cyber-attacks on American water plants in 2023. Hackers related to the Iranian regime attacked Israeli-made digital controls in the water industries in the US last November, affecting several states without affecting water supply.

Water facilities in the US have long been an easy target for cyber attacks due to the critical underfunding, low staffing levels, and a general lack of cyber security. 

The US Government has previously said that the burden of responsibility for cyber security should be shifted onto private enterprises, that are best positioned to reduce the risks for small businesses and public institutions.

Telegraph     |     BBC     |     Oodaloop     |     CBS News     |     Iran International   | Reuters     |     Tech Radar    |

 Bloomberg    |      Image: Dan Meyers

 

You Might Also Read:

Attack On Israel’s Water Systems:

DIRECTORY OF SUPPLIERS - Critical Infrastructure Security:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« British Businesses Must Do More To Protect Themselves
Controlling The Use Of Cyber Weapons »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

My Data Recovery Lab

My Data Recovery Lab

We recover data from: HDDs, RAIDs, NAS, SSDs, USB Flash Devices, Desktop Computers, Mobile devices and other data storage media.

International Computer Science Institute (ICSI)

International Computer Science Institute (ICSI)

ICSI is a leading independent, nonprofit center for research in computer science. Research areas include network security and privacy.

TrustArc

TrustArc

TrustArc provide privacy compliance and risk management with integrated technology, consulting and TRUSTe certification solutions – addressing all phases of privacy program management.

FixMeStick

FixMeStick

FixMeStick is a virus removal device, a USB key that removes malware conventional antivirus software often can’t detect.

Paygilant

Paygilant

Paygilant’s disruptive technology is designed to protect mobile payment  financial transactions against fraudulent attacks, whether executed by NFC, QR code, P2P or in-app.

HudsonCyber

HudsonCyber

HudsonCyber, part of HudsonAnalytix, provides leading cyber risk management services for the global maritime transportation industry.

Delta Risk

Delta Risk

Delta Risk is a global provider of managed security services and cyber security risk management solutions to government and private sector clients.

Assured Enterprises

Assured Enterprises

Assured Enterprises provides comprehensive cyber risk identification, management and mitigation across all platforms.

Identifi Global Recruitment

Identifi Global Recruitment

Identifi Global is one of the UK's leading Cyber Security & IT Recruitment specialists.

Octane OC

Octane OC

OCTANe is building the SoCal of tomorrow. We drive innovation and growth by connecting people, resources and capital. Our Incubator focus is FinTech, Data Analytics and Cybersecurity.

Crosspring

Crosspring

Crosspring is an incubator/accelerator for people who have the ambition to start a successful business or want to extend their existing business in the areas of FinTech, AR, VR, Cybersecurity and SaaS

Splone

Splone

Splone is a Berlin-based IT security research team and consultancy. We help improve IT-security by offering red team assements, penetration tests, audits and customized consulting.

Phriendly Phishing

Phriendly Phishing

Phriendly Phishing offers phishing awareness training programs designed to ward off potential security threats and minimise the impact of cyber attacks.

Papua New Guinea National Cyber Security Centre (PNG NCSC)

Papua New Guinea National Cyber Security Centre (PNG NCSC)

PNG NCSC is a jointly funded initiative enabling PNG to benefit with the most advanced cyber protection of its critical information and communications technology infrastructure.

Opal Security

Opal Security

Opal is an identity and access management platform that offers a consolidated view and control of your whole ecosystem from on-prem to cloud and SaaS.

Theori

Theori

Theori tackles the most difficult cybersecurity challenges from an attacker’s perspective and conquers them as the best strategic security experts.