CyberAv3ngers
Description
(CISA) The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Environmental Protection Agency (EPA), and the Israel National Cyber Directorate (INCD)—hereafter referred to as ‘the authoring agencies’—are disseminating this joint Cybersecurity Advisory (CSA) to highlight continued malicious cyber activity against operational technology devices by Iranian Government Islamic Revolutionary Guard Corps (IRGC)-affiliated Advanced Persistent Threat (APT) cyber actors.
The IRGC is an Iranian military organization that the United States designated as a foreign terrorist organization in 2019. IRGC-affiliated cyber actors using the persona “CyberAv3ngers” are actively targeting and compromising Israeli-made Unitronics Vision Series programmable logic controllers (PLCs). These PLCs are commonly used in the Water and Wastewater Systems (WWS) Sector and are additionally used in other industries including, but not limited to, energy, food and beverage manufacturing, and healthcare. The PLCs may be rebranded and appear as different manufacturers and companies.
Names
| Name | Name-Giver |
|---|---|
| CyberAv3ngers | self given |
Country
Sponsor
State-sponsored, Islamic Revolutionary Guard Corps (IRGC)
Motivation
- Sabotage and destruction
First Seen
2019
Observed Sectors
Observed Countries
Operations
- 2023-11: Pennsylvania water authority hit with cyberattack allegedly tied to pro-Iran group https://therecord.media/water-authority-pennsylvania-cyberattack-pro-iran-group
- 2023-12: Two-day water outage in remote Irish region caused by pro-Iran hackers https://therecord.media/water-outage-in-ireland-county-mayo
Counter Operations
- 2024-08: CyberAv3ngers https://rewardsforjustice.net/rewards/cyberav3ngers/
Information
Other Information
Uuid
9fe10605-78f1-4c01-bf85-b9dfa21431cd
Last Card Change
2024-08-27