Security Experts:

Connect with us

Hi, what are you looking for?



Vulnerable Cellular Routers Targeted in Latest Attacks on Israel Water Facilities

A threat actor believed to be working for the Iranian government recently launched another round of attacks on Israel’s water sector, and a source tells SecurityWeek that the attackers used vulnerable cellular equipment as a point of entry.

A threat actor believed to be working for the Iranian government recently launched another round of attacks on Israel’s water sector, and a source tells SecurityWeek that the attackers used vulnerable cellular equipment as a point of entry.

Israeli authorities confirmed in late April that hackers had targeted industrial control systems (ICS) at several water and wastewater facilities across the country. People familiar with the attacks said at the time that the attackers had targeted programmable logic controllers (PLCs) and they knew how to target such devices.

Israeli officials said at the time that the attacks were blocked before any damage could be caused, but they warned that the incidents could have had serious consequences as the hackers attempted to make harmful modifications to the chemicals mixed into the water source.Iran again targets Israel's water sector

A new round of attacks on Israel’s water sector was reported last week and, similar to the first attacks, they targeted smaller, local facilities. Israel’s Water Authority said the hackers targeted drainage facilities in the agriculture sector, specifically water pumps. Authorities said the attack did not cause any damage and it “had no real effect.”

An anonymous source with knowledge of the cyberattacks told SecurityWeek that both the latest and the April incidents involved vulnerable cellular routers, which enable organizations to remotely connect to their industrial systems.

The attackers, the source said, used the insecure cellular equipment as an entry point, and once they were inside the targeted organization they could make changes to PLCs by leveraging legitimate features, without the need to exploit any actual vulnerabilities in the controllers.

The hackers managed to make some changes to PLCs in the latest attacks, but since the targeted facilities serve a smaller area, the impact was small and the potential damage they could have caused was also limited.

Learn more about threats to industrial systems at SecurityWeek’s 2020 ICS Cyber Security Conference and SecurityWeek’s Security Summits virtual event series

Following the attacks launched in April, SecurityWeek has learned, the government advised organizations to ensure that their cellular communications equipment is not vulnerable, but at least some of them obviously failed to take action, enabling threat actors to launch another round of attacks.

Similar to the previous attacks, the latest operation was attributed to Iran.

There appears to be an ongoing cyberwar between Iran and Israel. While none of the two sides has openly admitted to launching cyberattacks, an assault aimed at a major Iranian port in May was believed to be Israel’s response to the April attacks on water facilities.

There has also been speculation that the recent fires and explosions at some important Iranian nuclear and military facilities may have been caused deliberately as part of an operation that involved cyberattacks, and Israel is the main suspect.

Related: Bitter Israel-Iran Rivalry Takes New Forms Online

Related: Hackers Knew How to Target PLCs in Israel Water Facility Attacks: Sources

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


Apple has released updates for macOS, iOS and Safari and they all include a WebKit patch for a zero-day vulnerability tracked as CVE-2023-23529.

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.