The U.S. Treasury Department on Friday announced sanctions against a half dozen Iranian government officials for their role in targeting devices at a Pennsylvania water utility in November 2023.
Working behind a flimsy persona — the “Cyber Av3ngers” — the Iranian Islamic Revolutionary Guard Corps Cyber-Electronic Command (IRGC-CEC) targeted programmable logic controllers manufactured by Unitronics, an Israeli company, including one at a water utility in Aliquippa, Pa., the Treasury Department said in its announcement.
The hackers posted a message to the screen of the device warning that “every equipment made in Israel is Cyber Av3ngers legal target.”
The incident did not cause any impact to the safety of the facility or drinking water in the area, authorities said at the time. Nevertheless, “unauthorized access to critical infrastructure systems can enable actions that harm the public and cause devastating humanitarian consequences,” the Treasury statement said.
Shortly after the incident, private industry analysts and others identified the attack as the work of the IRGC, given connections to previously identified hacking campaigns, the targeting, and other non-public information.
“The ultimate purpose of these hacks is to scare us and attack our trust in our own basic safety,” said John Hultquist, chief analyst with Google’s Mandiant Intelligence. “Unfortunately, they can be effective even when they fail to disrupt the services they target, which this actor knows.”
Hultquist said the water sector “has been under enormous pressure lately from Russian, Iranian, and Chinese cyber actors who recognize it as a vulnerable critical infrastructure. We have to take the threats to water seriously, but we can’t forget that the adversary’s primary goal is psychological.”
This particular operation was part of the long-running cyber tit-for-tat between Iran and Israel, an Israeli cybersecurity expert told CyberScoop at the time.
Friday’s sanctions targeted Hamid Reza Lashgarian, the head of the IRGC-CEC and a commander in the IRGC-Qods Force, and five other senior IRGC-CEC officials: Mahdi Lashgarian, Hamid Homayunfal, Milad Mansuri, Mohammad Bagher Shirinkar and Reza Mohammad Amin Saberian.
The Cyber Av3ngers persona remains active on Telegram and promised new attacks as recently as mid-January.