An attack launched by hackers last week against the systems of a small water utility in Ireland interrupted the water supply for two days.
The cyberattack was reported by a local newspaper, Western People, and technical details are murky. The attack targeted a private group water scheme in the Erris area, and reportedly impacted 180 people in Binghamstown and Drum, leaving them without water on Thursday and Friday.
The newspaper reported that the hackers targeted a Eurotronics water pumping system, defacing a user interface with a message announcing the hack. The hackers also posted an anti-Israel message and said they targeted the system due to it being made in Israel.
Many hackers joined in on the Israel-Hamas war immediately after the conflict escalated in early October.
Based on the little technical information that is publicly available, the Irish water facility was likely targeted by self-described hacktivists, who took control of a poorly protected industrial control system (ICS).
The water utility’s representatives said the hackers may have breached the system due to their firewall not being “strong enough”. However, in most cases, hackers target internet-exposed programmable logic controllers (PLCs) or human-machine interfaces (HMIs) that are either not protected at all or protected by a default password.
The attack in Ireland comes shortly after the US government warned that a hacker group calling itself Cyber Av3ngers targeted multiple water facilities in the United States. In their attacks, the hackers took control of Unitronics Vision series PLCs with an integrated HMI.
The most likely scenario is that they have been targeting internet-exposed PLCs protected by a default password that can be easily obtained.
Cyber Av3ngers claims to be a hacktivist group, but the US said the threat actor is affiliated with the Iranian government, describing it as a persona. The group came into the spotlight after hacking into the systems of the Municipal Water Authority of Aliquippa in Pennsylvania, which confirmed being hit but said there was no risk to water supply.
It’s also worth noting that Cyber Av3ngers has made numerous allegations about hacking critical infrastructure organizations in Israel, but some of their claims turned out to be false.
It’s unclear if this group is behind the attack on the Irish water utility, but based on the available information either Cyber Av3ngers or a similar threat actor is responsible.
There does not appear to be any information online on Eurotronics controls systems, which could mean the attackers targeted a rebranded version of a Unitronics product.
Juan Manuel Escaño, a professor in the systems engineering and automation department at the University of Sevilla in Spain, who previously worked in Ireland, confirmed on the ICS security discussion forum SCADASEC that Unitronics products are used in the water sector in Ireland.
Related: CISA Warns of Unitronics PLC Exploitation Following Water Utility Hack
Related: Congressmen Ask DOJ to Investigate Water Utility Hack, Warning It Could Happen Anywhere
Related: EPA Mandates States Report on Cyber Threats to Water Systems