Security News > 2023 > November > Hackers breach US water facility via exposed Unitronics PLCs
CISA is warning that threat actors breached a U.S. water facility by hacking into Unitronics programmable logic controllers exposed online.
PLCs are crucial control and management devices in industrial settings, and hackers compromising them could have severe repercussions, such as water supply contamination through manipulating the device to alter chemical dosing.
CISA confirmed that hackers have already breached a U.S. water facility by hacking these devices.
"Cyber threat actors are targeting PLCs associated with WWS facilities, including an identified Unitronics PLC, at a U.S. water facility," reads CISA's alert.
"In response, the affected municipality's water authority immediately took the system offline and switched to manual operations-there is no known risk to the municipality's drinking water or water supply."
While CISA's advisory did not specify the threat actor behind the attacks, Cyberscoop reported that a recent hack on the Municipal Water Authority of Aliquippa, Pa., was conducted by Iranianian attackers.
News URL
Related news
- Luna Moth extortion hackers pose as IT help desks to breach US firms (source)
- Chinese hackers breach US local governments using Cityworks zero-day (source)
- Hackers lurked in Treasury OCC’s systems since June 2023 breach (source)
- Hertz data breach: Customers in US, EU, UK, Australia and Canada affected (source)
- Lazarus hackers breach six companies in watering hole attacks (source)
- Commvault Confirms Hackers Exploited CVE-2025-3928 as Zero-Day in Azure Breach (source)
- Hackers behind UK retail attacks now targeting US companies (source)
- Russian hackers breach orgs to track aid routes to Ukraine (source)
- Ivanti EPMM flaw exploited by Chinese hackers to breach govt agencies (source)
- Chinese cyber spies are using Ivanti EPMM flaws to breach EU, US organizations (source)