Names | CyberAv3ngers (self given) | |
Country | Iran | |
Sponsor | State-sponsored, Islamic Revolutionary Guard Corps (IRGC) | |
Motivation | Sabotage and destruction | |
First seen | 2019 | |
Description | (CISA) The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Environmental Protection Agency (EPA), and the Israel National Cyber Directorate (INCD)—hereafter referred to as 'the authoring agencies'—are disseminating this joint Cybersecurity Advisory (CSA) to highlight continued malicious cyber activity against operational technology devices by Iranian Government Islamic Revolutionary Guard Corps (IRGC)-affiliated Advanced Persistent Threat (APT) cyber actors. The IRGC is an Iranian military organization that the United States designated as a foreign terrorist organization in 2019. IRGC-affiliated cyber actors using the persona “CyberAv3ngers” are actively targeting and compromising Israeli-made Unitronics Vision Series programmable logic controllers (PLCs). These PLCs are commonly used in the Water and Wastewater Systems (WWS) Sector and are additionally used in other industries including, but not limited to, energy, food and beverage manufacturing, and healthcare. The PLCs may be rebranded and appear as different manufacturers and companies. | |
Observed | Sectors: Industrial. Countries: Ireland, Israel, USA. | |
Tools used | ||
Operations performed | Nov 2023 | Pennsylvania water authority hit with cyberattack allegedly tied to pro-Iran group <https://therecord.media/water-authority-pennsylvania-cyberattack-pro-iran-group> |
Dec 2023 | Two-day water outage in remote Irish region caused by pro-Iran hackers <https://therecord.media/water-outage-in-ireland-county-mayo> | |
Counter operations | Aug 2024 | CyberAv3ngers <https://rewardsforjustice.net/rewards/cyberav3ngers/> |
Information | <https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-335a> |
Last change to this card: 27 August 2024
Download this actor card in PDF or JSON format
Previous: Cutting Kitten, TG-2889
Next: Cyber Berkut
Digital Service Security Center Follow us on |
Report incidents |
|
+66 (0)2-123-1227 | ||
[email protected] |