ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Report
Search
Home > List all groups > CyberAv3ngers

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link APT group: CyberAv3ngers

NamesCyberAv3ngers (self given)
CountryIran Iran
SponsorState-sponsored, Islamic Revolutionary Guard Corps (IRGC)
MotivationSabotage and destruction
First seen2019
Description(CISA) The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Environmental Protection Agency (EPA), and the Israel National Cyber Directorate (INCD)—hereafter referred to as 'the authoring agencies'—are disseminating this joint Cybersecurity Advisory (CSA) to highlight continued malicious cyber activity against operational technology devices by Iranian Government Islamic Revolutionary Guard Corps (IRGC)-affiliated Advanced Persistent Threat (APT) cyber actors.

The IRGC is an Iranian military organization that the United States designated as a foreign terrorist organization in 2019. IRGC-affiliated cyber actors using the persona “CyberAv3ngers” are actively targeting and compromising Israeli-made Unitronics Vision Series programmable logic controllers (PLCs). These PLCs are commonly used in the Water and Wastewater Systems (WWS) Sector and are additionally used in other industries including, but not limited to, energy, food and beverage manufacturing, and healthcare. The PLCs may be rebranded and appear as different manufacturers and companies.
ObservedSectors: Industrial.
Countries: Ireland, Israel, USA.
Tools used
Operations performedNov 2023Pennsylvania water authority hit with cyberattack allegedly tied to pro-Iran group
<https://therecord.media/water-authority-pennsylvania-cyberattack-pro-iran-group>
Dec 2023Two-day water outage in remote Irish region caused by pro-Iran hackers
<https://therecord.media/water-outage-in-ireland-county-mayo>
Counter operationsAug 2024CyberAv3ngers
<https://rewardsforjustice.net/rewards/cyberav3ngers/>
Information<https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-335a>

Last change to this card: 27 August 2024

Download this actor card in PDF or JSON format

Previous: Cutting Kitten, TG-2889
Next: Cyber Berkut

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1227
E-mail [email protected]