Threat Advisory | 3 min read | April 9, 2026
Tags: ICS, OT, Iran, Water Utilities, Geopolitical

Iran-linked hackers access U.S. Water Utilities East Coast - Advisory

A Unified Threat Advisory on Iran-linked hackers targeting small U.S. East Coast water utilities via Eclipse 9800i PLCs, and technical details of the TRK25-ADVANCED Python GUI ICS reconnaissance and exfiltration tool.

James Mockford

Contributors: Simo Kohonen, Ellis Stannard, Robert Fly

"Iran-linked hackers access U.S. Water Utilities East Coast" - The Unified Threat Advisory group is disseminating details regarding Iran-linked hackers tied to ongoing conflicts in the Middle East Theatre, and previous actors from pro-Russian groups, attempting to target and compromise small U.S.-based water utilities located on the East Coast. The attackers compromised, via the Eclipse 9800i series, small flushing pumps attached to water hydrants or tap mains that are used to maintain water quality in the underground water distribution system, and tampered with the PLC that maintains chlorine residual levels, known as the Intelligence Monitoring and Flushing Station.

In addition, we are sharing technical details regarding a sophisticated and malicious Python-based Graphical User Interface (GUI) Industrial Control System (ICS) reconnaissance and data exfiltration tool known as "TRK25-ADVANCED". It has similar functionality to its predecessor, Kurtlar_SCADA.exe, which was used by groups such as Z-Pentest and CARR (Cyber Army of Russia), allied with pro-Palestine groups during the Israel-HAMAS conflict and taught to enumerate and hack into exposed industrial control systems.

Please share this timely Unified Threat Advisory as TLP:CLEAR, for distribution with no limits. This activity tracks with the toxic history of hacking groups carrying out kinetically timed attacks against Industrial Control Systems (ICS) and widely exposed OT devices at times of heightened geopolitical conflict in the Middle East and the Russia-Ukraine war.
