Aliquippa pumping station attack: SecurityScorecard reveals new details

Ten IP addresses that could have been used by the intruders were identified.

The SecurityScorecard team has established with high confidence the IP addresses used in the November cyberattack on the Municipal Water Authority of Aliquippa (MWAA) in Pennsylvania.

The CyberAv3ngers group, allegedly acting in the interests of Iran, had already claimed responsibility for the attack, leaving a "digital message" of sorts in its Telegram channel. SecurityScorecard's findings confirm that this was not an empty boast but a real attack.

The study identified 10 addresses whose activity in the run-up to the attack, according to SecurityScorecard, could be regarded as a "wake-up call". Four of these IP addresses generated almost two-thirds (180 of 303) of the network flows sent to the water authority's servers in the month before the incident.

Further analysis revealed that the four suspicious addresses exchanged traffic with 368 other IP addresses registered in Iran.

"Given that the CyberAv3ngers hacker group was previously linked to Iran, SecurityScorecard specialists analyzed traffic for these four IP addresses to find additional evidence of their origin," the experts explain in their report.

SecurityScorecard adds: "It is unlikely that all 368 Iranian IP addresses were involved in the criminals' malicious activity (there are also legitimate cases of VPN use). Therefore, the researchers focused on those identifiers most likely to be involved in activity aimed at the water authority."

Thus, the list was narrowed down to six addresses, which, together with the four main ones, make up the ten mentioned above.

Analysts believe that careful monitoring of IP traffic will help prevent similar incidents in future. In their view, organizations can protect themselves by watching for connections to the listed indicators. The usual caveat applies: attacker infrastructure rotates, so a fixed list of addresses ages quickly and is a starting point for alerting, not a substitute for monitoring who talks to the control network in the first place.

The SecurityScorecard team also noted the vulnerability of local governments and utilities, which often lack reliable protection against sophisticated cyberattacks. That makes them a particularly tempting target for hackers acting in the interests of states.
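The two things the report actually did with the traffic data, rank inbound sources by their share of flows over a window (the "four addresses produced 180 of 303 flows" finding) and match flows against a short watch-list of indicators (the "track connections to the listed identifiers" advice), are both simple to reproduce against a firewall or flow log. The script below is an added example written for this page; it is not SecurityScorecard's or the water authority's code. The watch-list entries are RFC 5737 documentation addresses standing in for the report's real indicators, and the log lines are constructed sample data in a made-up "timestamp src dst dport" format, so it runs offline.

```python
"""Flow-log triage: top talkers by share of flows, plus watch-list matching.

Added example, not code from SecurityScorecard or the MWAA. The indicator
addresses are RFC 5737 placeholders (NOT the report's real IOCs) and the log
below is constructed sample data.
"""
from collections import Counter
from ipaddress import ip_address, ip_network
from typing import NamedTuple


class Flow(NamedTuple):
    ts: str
    src: str
    dst: str
    dport: int


# Placeholder watch-list. Entries may be single hosts or whole prefixes so the
# same check works for a published list of addresses and for a CIDR block.
WATCHLIST_NETS = [ip_network(n) for n in (
    "203.0.113.10/32", "203.0.113.11/32", "198.51.100.7/32", "192.0.2.0/24",
)]

# Constructed sample flow log ("ts src dst dport"). One line is deliberately
# malformed to show that the parser skips junk instead of aborting the run.
SAMPLE_LOG = """\
2023-11-20T08:01:02Z 203.0.113.10 10.5.0.20 443
2023-11-20T08:01:09Z 203.0.113.10 10.5.0.20 443
2023-11-20T08:02:31Z 198.51.100.7 10.5.0.20 22
2023-11-20T08:03:00Z 192.0.2.44 10.5.0.21 502
2023-11-20T08:03:14Z 203.0.113.11 10.5.0.20 443
2023-11-20T08:04:45Z 172.16.9.3 10.5.0.20 443
2023-11-20T08:05:01Z 203.0.113.10 10.5.0.21 502
this is not a flow record
2023-11-20T08:06:20Z 100.64.1.9 10.5.0.22 53
"""


def parse_flows(text: str) -> list[Flow]:
    """Parse 'ts src dst dport' lines; silently drop lines that are not flows."""
    flows: list[Flow] = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, src, dst, dport = parts
        try:
            ip_address(src)
            ip_address(dst)
            flows.append(Flow(ts, src, dst, int(dport)))
        except ValueError:
            continue  # bad IP or port field: not a flow record
    return flows


def top_talkers(flows: list[Flow], n: int = 4) -> list[tuple[str, int, float]]:
    """Return the n most frequent source IPs as (src, flow_count, share_of_total)."""
    total = len(flows)
    counts = Counter(f.src for f in flows)
    return [(src, c, c / total) for src, c in counts.most_common(n)]


def concentration(flows: list[Flow], n: int = 4) -> tuple[int, int, float]:
    """How many of all flows the top-n sources account for, as (top, total, fraction).

    The report's figure was 180 of 303 flows from four addresses (~0.59).
    """
    total = len(flows)
    if total == 0:
        return 0, 0, 0.0
    top = sum(c for _, c, _ in top_talkers(flows, n))
    return top, total, top / total


def watchlist_hits(flows: list[Flow], nets=WATCHLIST_NETS) -> list[Flow]:
    """Every flow whose source falls inside any watch-listed host or prefix."""
    hits = []
    for f in flows:
        src = ip_address(f.src)
        if any(src in net for net in nets):
            hits.append(f)
    return hits


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_LOG)
    top, total, frac = concentration(flows, 4)
    print(f"top 4 sources: {top}/{total} flows ({frac:.0%})")
    for src, c, share in top_talkers(flows, 4):
        print(f"  {src:<15} {c:>3} flows  {share:.0%}")
    for hit in watchlist_hits(flows):
        print(f"WATCHLIST {hit.ts} {hit.src} -> {hit.dst}:{hit.dport}")
```

On real data the interesting step is the first one: a handful of external sources dominating inbound flows to a utility's perimeter is worth a look even before any indicator list exists, which is the point the report makes about the "wake-up call" in the month before the incident.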
 