image credit: Freepik

CyberAv3ngers hit Unitronics PLCs at multiple US-based water facilities

December 4, 2023


Iran-affiliated attackers CyberAv3ngers continue to exploit vulnerable Unitronics programmable logic controllers (PLCs), US and Israeli authorities have said in a joint cybersecurity advisory.

CyberAv3ngers targeting Unitronics PLCs

CISA has recently confirmed that Iran-affiliated attackers took over a Unitronics Vision Series PLC at a water system facility in Pennsylvania, and urged other water authorities to promptly secure their Unitronics PLCs.

The agency has advised them to change the default password and port used by the PLC, disconnect it from the open internet or secure remote access by using firewall, VPN and multi-factor authentication (MFA), create configuration backups, and update the PLC/HMI to the latest available version.

Read More on Help Net Security