Cyber Incident Victim: Municipal Water Authority of Aliquippa
Date:
Oct 2023
Location:
United States of America
Summary
The Municipal Water Authority of Aliquippa experienced a cyberattack attributed to the pro-Iran hacking group Cyber Av3ngers, which compromised a pump station’s isolated computer network displaying a message from the attackers. The breached system utilized Unitronics components, an Israeli-linked technology company targeted by the group. Officials confirmed no impact on drinking water quality or supply, as the affected pump—physically separated from primary systems—was taken offline while backups maintained pressure and service. Federal investigators assisted local authorities in responding to the incident, which underscored broader vulnerabilities in critical infrastructure security amid rising cyber threats against water utilities. The attack followed recent regulatory disputes over cybersecurity requirements for U.S. water systems.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On November 1, 2023, the Municipal Water Authority of Aliquippa—serving communities northwest of Pittsburgh, Pennsylvania—reported a cyberattack targeting a remote pump station responsible for maintaining water pressure and regulating flow in elevated areas. Alarms activated at the facility on Saturday, prompting staff to contact local police for investigation. Workers discovered computer screens displaying a message from the hacking group Cyber Av3ngers, which has publicly aligned itself with Iranian leadership and targeted entities linked to Israel. The compromised station operated on a dedicated computer network physically separated from the water authority’s primary systems and main treatment plant, located miles away from the intrusion site. Authority Chairman Matthew Mottes confirmed the attackers accessed only the pressure-regulation equipment, which utilized components or software from Israeli-owned technology firm Unitronics. Personnel immediately took the affected system offline and implemented backup tools to sustain water pressure without service interruptions. Mottes emphasized no impact on drinking water safety, supply, or other sections of the water distribution network.
Federal law enforcement agencies joined the investigation following notification by Congressman Chris Deluzio (D-PA), who publicly affirmed the continuity of water services for residents. The Cyber Av3ngers group claimed responsibility for the intrusion as part of its broader campaign against Israeli-linked infrastructure, having previously announced attacks on 10 Israeli water treatment facilities. This incident occurred amid ongoing debates about U.S. water utility cybersecurity, following recent lawsuits by industry groups against proposed Environmental Protection Agency (EPA) rules that would have mandated cybersecurity evaluations during annual state sanitary surveys. Industry associations—including the American Water Works Association (AWWA) and National Rural Water Association (NRWA)—had successfully challenged the EPA’s authority, advocating for utility-developed requirements instead, despite acknowledging escalating cyberattacks against water infrastructure nationwide. U.S. officials documented at least five ransomware attacks against water and wastewater facilities between 2019 and 2021, excluding three additional high-profile incidents not formally classified in federal data.