Aliquippa, Pennsylvania suffers cyberattack on booster station PLC

Nov. 30, 2023
A hacktivist group disabled the Unitronics programmable logic controller at a booster station operated by the Municipal Water Authority of Aliquippa.

The Municipal Water Authority of Aliquippa, Pennsylvania has suffered a cyberattack on Saturday, Nov. 25 that disabled a programmable logic controller (PLC) at one of the authority’s booster stations.

The Municipal Water Authority of Aliquippa provides water and wastewater services to over 6,600 customers in Pennsylvania. The affected booster station monitors and regulates pressure for the Raccoon and Potter Townships.

“They did not get access to anything in our actual water treatment plant — or other parts of our system — other than a pump that regulates pressure to elevated areas of our system,” Matthew Mottes, chairman of the authority, told BeaverCountian.com. “The booster station did what it was supposed to. It sent an alarm and we took control manually. Nobody was ever at risk.”

The authority reported that it immediately took the system offline and switched to manual operations, stressing that there was no known risk to the municipality’s drinking water. Federal authorities are now investigating the cyberattack.

On Nov. 28, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an alert about the PLC exploitation. CISA identified the compromised device as a Unitronics Vision Series PLC that had weak cybersecurity, including exposure to the internet.

According to local news channel KDKA News, the group behind the cyberattack identified itself as “Cyber Av3ngers” a hacktivist group associated with Iran. The cyberattack left an image on the PLC’s control panel, including the words “down with Israel” and claiming that any equipment made in Israel is a target of the group. Unitronics, the company that provides the Vision Series PLC, is based in Israel.

CISA provided recommendations to secure water and wastewater facilities against the Unitronics PLC’s vulnerabilities. These tips are also helpful for many IT-compatible PLCs:

  • Change the Unitronics PLC default password (“1111”).
  • Require multifactor authentication for all remote access to the operational technology network.
  • Disconnect the PLC from direct internet exposure, or implement a firewall or gateway in front of the PLC to control network access.
  • Back up the logic and configurations of the PLCs to enable fast recovery.
  • If possible, use a transmission control protocol (TCP) port that is not the default Unitronics PLC port (TCP 20256), to better obscure the PLC from cyberattacks.
  • Update the PLC firmware to its latest version
About the Author

Jeremy Wolfe

Jeremy Wolfe is a former Editor for WaterWorld magazine.

Sponsored Recommendations

ArmorBlock 5000: Boost Automation Efficiency

April 25, 2024
Discover the transformative benefits of leveraging a scalable On-Machine I/O to improve flexibility, enhance reliability and streamline operations.

Rising Cyber Threats and the Impact on Risk and Resiliency Operations

April 25, 2024
The world of manufacturing is changing, and Generative AI is one of the many change agents. The 2024 State of Smart Manufacturing Report takes a deep dive into how Generative ...

State of Smart Manufacturing Report Series

April 25, 2024
The world of manufacturing is changing, and Generative AI is one of the many change agents. The 2024 State of Smart Manufacturing Report takes a deep dive into how Generative ...

SmartSights WIN-911 Alarm Notification Software Enables Faster Response

March 15, 2024
Alarm notification software enables faster response for customers, keeping production on track