CONFERENCE Cyber AI & Automation Summit - Watch Sessions
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

ICS/OT

Cyberattack on Irish Utility Cuts Off Water Supply for Two Days

Hackers launched a cyberattack on an Irish water utility, causing disruption and leaving people without water for two days. 

Water system

An attack launched by hackers last week against the systems of a small water utility in Ireland interrupted the water supply for two days.

The cyberattack was reported by a local newspaper, Western People, and technical details are murky. The attack targeted a private group water scheme in the Erris area, and reportedly impacted 180 people in Binghamstown and Drum, leaving them without water on Thursday and Friday.

The newspaper reported that the hackers targeted a Eurotronics water pumping system, defacing a user interface with a message announcing the hack. The hackers also posted an anti-Israel message and said they targeted the system due to it being made in Israel.

Many hackers joined in on the Israel-Hamas war immediately after the conflict escalated in early October. 

Based on the little technical information that is publicly available, the Irish water facility was likely targeted by self-described hacktivists, who took control of a poorly protected industrial control system (ICS). 

The water utility’s representatives said the hackers may have breached the system due to their firewall not being “strong enough”. However, in most cases, hackers target internet-exposed programmable logic controllers (PLCs) or human-machine interfaces (HMIs) that are either not protected at all or protected by a default password.

The attack in Ireland comes shortly after the US government warned that a hacker group calling itself Cyber Av3ngers targeted multiple water facilities in the United States. In their attacks, the hackers took control of Unitronics Vision series PLCs with an integrated HMI.  

The most likely scenario is that they have been targeting internet-exposed PLCs protected by a default password that can be easily obtained. 

Advertisement. Scroll to continue reading.

Cyber Av3ngers claims to be a hacktivist group, but the US said the threat actor is affiliated with the Iranian government, describing it as a persona. The group came into the spotlight after hacking into the systems of the Municipal Water Authority of Aliquippa in Pennsylvania, which confirmed being hit but said there was no risk to water supply. 

It’s also worth noting that Cyber Av3ngers has made numerous allegations about hacking critical infrastructure organizations in Israel, but some of their claims turned out to be false.  

It’s unclear if this group is behind the attack on the Irish water utility, but based on the available information either Cyber Av3ngers or a similar threat actor is responsible. 

There does not appear to be any information online on Eurotronics controls systems, which could mean the attackers targeted a rebranded version of a Unitronics product.

Juan Manuel Escaño, a professor in the systems engineering and automation department at the University of Sevilla in Spain, who previously worked in Ireland, confirmed on the ICS security discussion forum SCADASEC that Unitronics products are used in the water sector in Ireland.

Related: CISA Warns of Unitronics PLC Exploitation Following Water Utility Hack

Related: Congressmen Ask DOJ to Investigate Water Utility Hack, Warning It Could Happen Anywhere

Related: EPA Mandates States Report on Cyber Threats to Water Systems

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Don’t miss this Live Attack demonstration to learn how hackers operate and gain the knowledge to strengthen your defenses.

Register

Join us as we share best practices for uncovering risks and determining next steps when vetting external resources, implementing solutions, and procuring post-installation support.

Register

People on the Move

Shanta Kohli has been named CMO at Sysdig.

Cloud security firm Sysdig has appointed Sergej Epp as CISO.

F5 has appointed John Maddison as Chief Product Marketing and Technology Alliances Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.