Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

ICS/OT

Cyberattack on Irish Utility Cuts Off Water Supply for Two Days

Hackers launched a cyberattack on an Irish water utility, causing disruption and leaving people without water for two days. 

Water company ransomware

An attack launched by hackers last week against the systems of a small water utility in Ireland interrupted the water supply for two days.

The cyberattack was reported by a local newspaper, Western People, and technical details are murky. The attack targeted a private group water scheme in the Erris area, and reportedly impacted 180 people in Binghamstown and Drum, leaving them without water on Thursday and Friday.

The newspaper reported that the hackers targeted a Eurotronics water pumping system, defacing a user interface with a message announcing the hack. The hackers also posted an anti-Israel message and said they targeted the system due to it being made in Israel.

Many hackers joined in on the Israel-Hamas war immediately after the conflict escalated in early October. 

Based on the little technical information that is publicly available, the Irish water facility was likely targeted by self-described hacktivists, who took control of a poorly protected industrial control system (ICS). 

The water utility’s representatives said the hackers may have breached the system due to their firewall not being “strong enough”. However, in most cases, hackers target internet-exposed programmable logic controllers (PLCs) or human-machine interfaces (HMIs) that are either not protected at all or protected by a default password.

The attack in Ireland comes shortly after the US government warned that a hacker group calling itself Cyber Av3ngers targeted multiple water facilities in the United States. In their attacks, the hackers took control of Unitronics Vision series PLCs with an integrated HMI.  

The most likely scenario is that they have been targeting internet-exposed PLCs protected by a default password that can be easily obtained. 

Advertisement. Scroll to continue reading.

Cyber Av3ngers claims to be a hacktivist group, but the US said the threat actor is affiliated with the Iranian government, describing it as a persona. The group came into the spotlight after hacking into the systems of the Municipal Water Authority of Aliquippa in Pennsylvania, which confirmed being hit but said there was no risk to water supply. 

It’s also worth noting that Cyber Av3ngers has made numerous allegations about hacking critical infrastructure organizations in Israel, but some of their claims turned out to be false.  

It’s unclear if this group is behind the attack on the Irish water utility, but based on the available information either Cyber Av3ngers or a similar threat actor is responsible. 

There does not appear to be any information online on Eurotronics controls systems, which could mean the attackers targeted a rebranded version of a Unitronics product.

Juan Manuel Escaño, a professor in the systems engineering and automation department at the University of Sevilla in Spain, who previously worked in Ireland, confirmed on the ICS security discussion forum SCADASEC that Unitronics products are used in the water sector in Ireland.

Related: CISA Warns of Unitronics PLC Exploitation Following Water Utility Hack

Related: Congressmen Ask DOJ to Investigate Water Utility Hack, Warning It Could Happen Anywhere

Related: EPA Mandates States Report on Cyber Threats to Water Systems

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Gain valuable insights from industry professionals who will help guide you through the intricacies of industrial cybersecurity.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

ICS/OT

The overall effect of current global geopolitical conditions is that nation states have a greater incentive to target the ICS/OT of critical industries, while...

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

ICS/OT

Otorio has released a free tool that organizations can use to detect and address issues related to DCOM authentication.

ICS/OT

Wago has patched critical vulnerabilities that can allow hackers to take complete control of its programmable logic controllers (PLCs).

Cybercrime

Energy giants Schneider Electric and Siemens Energy confirm being targeted by the Cl0p ransomware group in the campaign exploiting a MOVEit zero-day.

ICS/OT

Mandiant's Chief analyst urges critical infrastructure defenders to work on finding and removing traces of Volt Typhoon, a Chinese government-backed hacking team caught in...

ICS/OT

Municipal Water Authority of Aliquippa in Pennsylvania confirms that hackers took control of a booster station, but says no risk to drinking water or...