The Treasury Department named and sanctioned six Iranian military hackers Friday, accusing them of cyberattacks against U.S. water companies.
The attacks, most of which happened late last year, did not result in any American critical services being interrupted, the Treasury said in its announcement. But they highlight the risk of critical infrastructure connecting to the internet, and how regional physical conflict can spill into global cyberattacks.
The hackers posed online as a group of amateur anti-Israel activists calling themselves the “CyberAv3ngers,” openly supporting Iran. The group maintains a presence on Telegram. After Israel’s invasion of Gaza, the CyberAv3ngers ramped up cyberattacks against Israeli infrastructure, particularly water systems.
A group of U.S. agencies had previously identified the group as being a front for the Islamic Revolutionary Guard Corps, a military branch.
The Treasury sometimes sanctions hackers working for foreign military and intelligence services for activities that the U.S. and its allies go beyond fair play in cyberspace, like attacking civilian infrastructure. The sanctions mean American people and companies are barred from doing business with the six individuals.
The group claimed particular success against software from Unitronics, an Israeli company that sells a program popular with industrial water operators. The hackers discovered that many Unitronics customers never changed their default password, according to the Cybersecurity and Infrastructure Security Agency (CISA), making it easy for them to hunt down and gain initial access to certain water plants around the world.
In late November, the hackers broke into American Unitronics customers in several states and left a message that read, “You have been hacked, down with Israel. Every equipment ‘made in Israel’ is CyberAv3ngers legal target,” according to a CISA alert.
A U.S. official at the time told NBC News that fewer than 10 American facilities had been hacked that way. Most victims remain unidentified, but the Municipal Water Authority of Aliquippa, Pennsylvania, identified itself as a victim on Thanksgiving Day.
It’s unclear if any American organizations have fallen victim to the hacking campaign since.
The group has not claimed new victims this year.
Iran’s mission to the United Nations did not immediately respond to a request for comment.