Florida Water Agency confirms cyberattack amidst broader water utility attacks

The St. Johns River Water Management District (SJRWMD), a regulatory agency overseeing Florida’s long-term drinking water supply, has confirmed responding to a cyberattack in recent days. This revelation comes as US cybersecurity agencies warn of a surge in foreign attacks targeting water utilities.

 

SJRWMD spokesperson acknowledged "suspicious activity" within its IT environment and the successful implementation of containment measures. While the agency lacks direct control over water utility technology, it collaborates closely with utilities on water supply issues.

 

The attack aligns with last week’s warnings from the Cybersecurity and Infrastructure Security Agency (CISA) regarding the active exploitation of Unitronics programmable logic controllers (PLCs) widely used by water sector organizations. CISA linked the advisory to a Water Information Sharing and Analysis Center (WaterISAC) notice about a November 26 attack on a Pennsylvania water utility.

 

Another North Texas water utility serving 2 million people reported a cybersecurity incident causing operational issues, though officials remained unclear about its connection to Unitronics PLC vulnerabilities.

 

CNN reported that CISA informed Senate and House staffers on Thursday about "less than 10" water facilities across the US facing cyberattacks in recent days.

 

The hackers behind the Pennsylvania incident, identified as CyberAv3ngers, have expressed ties to Iran’s Islamic Revolutionary Guard Corps (IRGC) and pledged to attack entities linked to Israel. They claim to have targeted 10 Israeli water treatment plants.

 

CISA, alongside the FBI, National Security Agency (NSA), Environmental Protection Agency (EPA), and the Israel National Cyber Directorate (INCD), released an advisory warning of CyberAv3ngers’ connection to the IRGC.

 

The advisory highlights the group’s active targeting and compromise of Israeli-made Unitronics Vision Series PLCs. Since at least November 22, IRGC-affiliated hackers have exploited default credentials in Unitronics devices, motivated by a desire to target anything associated with Israel.