A threat actor believed to be working for the Iranian government recently launched another round of attacks on Israel’s water sector, and a source tells SecurityWeek that the attackers used vulnerable cellular equipment as a point of entry.
Israeli authorities confirmed in late April that hackers had targeted industrial control systems (ICS) at several water and wastewater facilities across the country. People familiar with the attacks said at the time that the attackers had targeted programmable logic controllers (PLCs) and they knew how to target such devices.
Israeli officials said at the time that the attacks were blocked before any damage could be caused, but they warned that the incidents could have had serious consequences as the hackers attempted to make harmful modifications to the chemicals mixed into the water source.
A new round of attacks on Israel’s water sector was reported last week and, similar to the first attacks, they targeted smaller, local facilities. Israel’s Water Authority said the hackers targeted drainage facilities in the agriculture sector, specifically water pumps. Authorities said the attack did not cause any damage and it “had no real effect.”
An anonymous source with knowledge of the cyberattacks told SecurityWeek that both the latest and the April incidents involved vulnerable cellular routers, which enable organizations to remotely connect to their industrial systems.
The attackers, the source said, used the insecure cellular equipment as an entry point, and once they were inside the targeted organization they could make changes to PLCs by leveraging legitimate features, without the need to exploit any actual vulnerabilities in the controllers.
The hackers managed to make some changes to PLCs in the latest attacks, but since the targeted facilities serve a smaller area, the impact was small and the potential damage they could have caused was also limited.
Following the attacks launched in April, SecurityWeek has learned, the government advised organizations to ensure that their cellular communications equipment is not vulnerable, but at least some of them obviously failed to take action, enabling threat actors to launch another round of attacks.
Similar to the previous attacks, the latest operation was attributed to Iran.
There appears to be an ongoing cyberwar between Iran and Israel. While none of the two sides has openly admitted to launching cyberattacks, an assault aimed at a major Iranian port in May was believed to be Israel’s response to the April attacks on water facilities.
There has also been speculation that the recent fires and explosions at some important Iranian nuclear and military facilities may have been caused deliberately as part of an operation that involved cyberattacks, and Israel is the main suspect.