
Iranian hackers access unsecured HMI at Israeli Water Facility

A group of Iranian hackers gained access to an unprotected ICS at an Israeli water facility and posted a video as proof of the hack.

Researchers from industrial cybersecurity firm OTORIO revealed that a group of Iranian hackers gained access to an unprotected ICS at an Israeli water facility. The threat actors accessed a human-machine interface (HMI) system that was left unsecured online and published a video of the hack.


The hackers claimed to have breached an Israeli water facility, likely recycled water, in a video that was published the night of December 1st, 2020.

“The reservoir’s HMI system was connected directly to the internet, without any security appliance defending it or limiting access to it. Furthermore, at the time of the publication, the system did not use any authentication method upon access.” reads the blog post published by OTORIO.

“This gave the attackers easy access to the system and the ability to modify any value in the system, allowing them, for example, to tamper with the water pressure, change the temperature and more. All the adversaries needed was a connection to the world-wide-web, and a web browser.”

This access could have allowed the attackers to interact with processes at the water facility by manipulating the value of parameters such as water pressure and temperature.

The accessed system was secured by the administrators on December 2, but it was still exposed online.

Experts noticed that the system still allows communications on port 502, which is used by Modbus, a protocol that doesn’t require any authentication or encryption. An attacker could easily interact with the system via Modbus.
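Because Modbus/TCP has no authentication, watching who talks to port 502 is the practical way to notice unapproved access. The following is an added example, not code from OTORIO or the original article: it parses the Modbus/TCP header and flags requests, writes in particular, from sources outside an allowlist. The IP addresses, the allowlist and the sample frames are constructed for illustration.

```python
import struct

# Function codes that change controller state (Modbus application protocol).
WRITE_CODES = {
    0x05: "Write Single Coil",
    0x06: "Write Single Register",
    0x0F: "Write Multiple Coils",
    0x10: "Write Multiple Registers",
    0x16: "Mask Write Register",
    0x17: "Read/Write Multiple Registers",
}

def parse_adu(payload: bytes):
    """Parse one Modbus/TCP frame; return a dict, or None if it is not Modbus."""
    if len(payload) < 8:               # 7-byte MBAP header + function code
        return None
    tid, pid, length, unit = struct.unpack(">HHHB", payload[:7])
    # Protocol id is always 0; length counts the unit id plus the PDU.
    if pid != 0 or length != len(payload) - 6:
        return None
    return {"tid": tid, "unit": unit, "func": payload[7], "data": payload[8:]}

def review(flows, allowed_masters):
    """flows: (src_ip, tcp_payload) pairs seen on port 502. Returns alerts."""
    alerts = []
    for src, payload in flows:
        adu = parse_adu(payload)
        if adu is None:
            alerts.append(("LOW", src, "non-Modbus traffic on port 502"))
        elif src not in allowed_masters:
            fc = adu["func"]
            if fc in WRITE_CODES:
                alerts.append(("HIGH", src, f"{WRITE_CODES[fc]} from unapproved source"))
            else:
                alerts.append(("MEDIUM", src, f"fc=0x{fc:02x} from unapproved source"))
    return alerts

# Constructed sample data (documentation address ranges, hand-built frames).
ALLOWED_MASTERS = {"192.0.2.10"}                       # hypothetical HMI address
READ_REGS = bytes.fromhex("000100000006010300000002")  # fc 0x03, read 2 registers
WRITE_REG = bytes.fromhex("000200000006010600100064")  # fc 0x06, write one register
SAMPLE_FLOWS = [
    ("192.0.2.10", READ_REGS),
    ("192.0.2.10", WRITE_REG),
    ("203.0.113.7", READ_REGS),
    ("203.0.113.7", WRITE_REG),
    ("203.0.113.7", b"GET / HTTP/1.1\r\n"),
]
```
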

At the time of this writing, it is not clear if the intrusion has caused any damage.

OTORIO experts said that the Iranian crew behind the attack, named “Unidentified TEAM,” published the breach over its Telegram channel. This group also hit other American websites, including a governmental education website in Texas.

“In that case, the attackers stated they are avenging the death of Iranian nuclear scientist Mohsen Fakhrizadeh, who was assassinated at the end of November 2020.” concludes the post.

In April, an attack on an Israeli water facility attempted to modify water chlorine levels. In June, officials from the Water Authority revealed two more cyber attacks on other facilities in the country.

The two cyber attacks took place in June and, according to the officials, did not cause any damage to the targeted infrastructure.

One of the attacks hit agricultural water pumps in upper Galilee, while the other one hit water pumps in the central province of Mateh Yehuda.

Israel’s National Cyber Directorate announced that it had received reports of cyber attacks aimed at supervisory control and data acquisition (SCADA) systems at wastewater treatment plants, pumping stations and sewage facilities.

Organizations are advised to implement supplementary security measures to protect SCADA systems used in the water and energy sectors. The government urges them to immediately change the passwords of control systems exposed online, ensure that their software is up to date, and reduce their exposure online.


Pierluigi Paganini

(SecurityAffairs – hacking, water facility)
