Threat Group Cards: A Threat Actor Encyclopedia

APT group: CyberAv3ngers

Names	CyberAv3ngers (self given)
Country	Iran
Sponsor	State-sponsored, Islamic Revolutionary Guard Corps (IRGC)
Motivation	Sabotage and destruction
First seen	2019
Description	(CISA) The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Environmental Protection Agency (EPA), and the Israel National Cyber Directorate (INCD)—hereafter referred to as 'the authoring agencies'—are disseminating this joint Cybersecurity Advisory (CSA) to highlight continued malicious cyber activity against operational technology devices by Iranian Government Islamic Revolutionary Guard Corps (IRGC)-affiliated Advanced Persistent Threat (APT) cyber actors. The IRGC is an Iranian military organization that the United States designated as a foreign terrorist organization in 2019. IRGC-affiliated cyber actors using the persona “CyberAv3ngers” are actively targeting and compromising Israeli-made Unitronics Vision Series programmable logic controllers (PLCs). These PLCs are commonly used in the Water and Wastewater Systems (WWS) Sector and are additionally used in other industries including, but not limited to, energy, food and beverage manufacturing, and healthcare. The PLCs may be rebranded and appear as different manufacturers and companies.
Observed	Sectors: Industrial. Countries: Ireland, Israel, USA.
Tools used
Operations performed	Nov 2023	Pennsylvania water authority hit with cyberattack allegedly tied to pro-Iran group <https://therecord.media/water-authority-pennsylvania-cyberattack-pro-iran-group>
	Dec 2023	Two-day water outage in remote Irish region caused by pro-Iran hackers <https://therecord.media/water-outage-in-ireland-county-mayo>
Information	<https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-335a>

Last change to this card: 16 January 2024

Download this actor card in PDF or JSON format

Previous: Cutting Kitten, TG-2889
Next: Cyber Berkut