A threat actor believed to be working for the Iranian government recently launched another round of attacks on Israel’s water sector, and a source tells SecurityWeek that the attackers used vulnerable cellular equipment as a point of entry.
Israeli authorities confirmed in late April that hackers had targeted industrial control systems (ICS) at several water and wastewater facilities across the country. People familiar with the attacks said at the time that the attackers had targeted programmable logic controllers (PLCs) and they knew how to target such devices.
Israeli officials said at the time that the attacks were blocked before any damage could be caused, but they warned that the incidents could have had serious consequences as the hackers attempted to make harmful modifications to the chemicals mixed into the water source.
A new round of attacks on Israel’s water sector was reported last week and, similar to the first attacks, they targeted smaller, local facilities. Israel’s Water Authority said the hackers targeted drainage facilities in the agriculture sector, specifically water pumps. Authorities said the attack did not cause any damage and it “had no real effect.”
An anonymous source with knowledge of the cyberattacks told SecurityWeek that both the latest and the April incidents involved vulnerable cellular routers, which enable organizations to remotely connect to their industrial systems.
The attackers, the source said, used the insecure cellular equipment as an entry point, and once they were inside the targeted organization they could make changes to PLCs by leveraging legitimate features, without the need to exploit any actual vulnerabilities in the controllers.
The hackers managed to make some changes to PLCs in the latest attacks, but since the targeted facilities serve a smaller area, the impact was small and the potential damage they could have caused was also limited.
Learn more about threats to industrial systems at SecurityWeek’s 2020 ICS Cyber Security Conference and SecurityWeek’s Security Summits virtual event series
Following the attacks launched in April, SecurityWeek has learned, the government advised organizations to ensure that their cellular communications equipment is not vulnerable, but at least some of them obviously failed to take action, enabling threat actors to launch another round of attacks.
Similar to the previous attacks, the latest operation was attributed to Iran.
There appears to be an ongoing cyberwar between Iran and Israel. While none of the two sides has openly admitted to launching cyberattacks, an assault aimed at a major Iranian port in May was believed to be Israel’s response to the April attacks on water facilities.
There has also been speculation that the recent fires and explosions at some important Iranian nuclear and military facilities may have been caused deliberately as part of an operation that involved cyberattacks, and Israel is the main suspect.
Related: Bitter Israel-Iran Rivalry Takes New Forms Online
Related: Hackers Knew How to Target PLCs in Israel Water Facility Attacks: Sources

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- Microsoft’s Verified Publisher Status Abused in Email Theft Campaign
- British Retailer JD Sports Discloses Data Breach Affecting 10 Million Customers
- Meta Awards $27,000 Bounty for 2FA Bypass Vulnerability
- Industry Reactions to Hive Ransomware Takedown: Feedback Friday
- US Reiterates $10 Million Reward Offer After Disruption of Hive Ransomware
- Hive Ransomware Operation Shut Down by Law Enforcement
- UK Gov Warns of Phishing Attacks Launched by Iranian, Russian Cyberspies
- Dozens of Cybersecurity Companies Announced Layoffs in Past Year
Latest News
- Sentra Raises $30 Million for DSPM Technology
- Cyber Insights 2023: Cyberinsurance
- Cyber Insights 2023: Attack Surface Management
- Cyber Insights 2023: Artificial Intelligence
- Microsoft’s Verified Publisher Status Abused in Email Theft Campaign
- Guardz Emerges From Stealth Mode With $10 Million in Funding
- How the Atomized Network Changed Enterprise Protection
- Critical QNAP Vulnerability Leads to Code Injection
