U.S. government sanctions Iranian officials over hacking of Pennsylvania water facilities

The U.S. Treasury Department announced sanctions on Friday against six Iranian government officials for their role in an attack on a Pennsylvania water company installation in November 2023. Iran's Islamic Revolutionary Guard Corps Cyber Electronics Command (IRGC-CEC), using the false identity of "CyberAv3ngers" (CyberAv3ngers) as a cover, targeted programmable logic controllers produced by the Israeli company Unitronics, including controllers for a water company in Aliquippa, Pennsylvania.

The hackers posted a message on the device's screen warning that "all devices made in Israel are legitimate targets for CyberAv3ngers."

Authorities said at the time that the incident had no impact on the safety of the facility or the area's drinking water. However, "unauthorized access to critical infrastructure systems could lead to actions that harm the public and have devastating humanitarian consequences," the Treasury Department statement said.

Shortly after the incident, private industry analysts and others attributed the attack to the Islamic Revolutionary Guard Corps because of its ties to previously identified hacking campaigns, targets and other non-public information.

"The ultimate goal of these hacks is to scare us and attack our fundamental trust in our own security," said John Hultquist, principal analyst at Google's Mandiant Intelligence. "Unfortunately, even if these hackers fail to disrupt the services they target, they can be effective, and the actors know this."

Hultquist said the water sector "has recently come under intense pressure from Russian, Iranian and Chinese cyber actors who recognize that the water sector is a vulnerable critical infrastructure. We must take the threats to the water sector seriously, but we must not forget that our adversaries' primary goals are psychological."

An Israeli cybersecurity expert told CyberScoop at the time that the special operation was part of a long-term cyber tit-for-tat between Iran and Israel.

Friday’s sanctions target Hamid Reza Lashgarian, chairman of the Central Election Commission of the Islamic Revolutionary Guard Corps and commander of the Quds Force of the Islamic Revolutionary Guard Corps, and five other senior officials of the Central Election Commission of the Islamic Revolutionary Guard Corps: Mahdi Lashgarian, Hamid -Hamid Homayunfal, Milad Mansuri, Mohammad Bagher Shirinkar and Reza Mohammad Amin Saberian.

CyberAv3ngers remains active on Telegram, promising new attacks in mid-January.