The Municipal Water Authority of Aliquippa suffered the cyberattack on Saturday, with several media outlets displaying images of a screen from the authority equipment that claimed to target Israeli-made products.
In a Tuesday alert, the federal Cybersecurity and Infrastructure Security Agency (CISA) said the hackers, who some media outlets have identified as the pro-Iran group CyberAvengers, "likely accessed the affected device ... by exploiting cybersecurity weaknesses, including poor password security and exposure to the internet."
CISA is a federal agency that falls under the Department of Homeland Security.
The Pennsylvania Criminal Intelligence Center shared CISA's advisory Wednesday and reminded security experts "to ensure the default '1111' password is not in use" on their networks, according to an email obtained by TribLive.
The center also recommended that systems' "programmable logic controllers," or PLCs, use multifactor authentication and update to the most current software.
No customers of Aliquippa's service lost access to water due to the attack, said Robert Bible, general manager of the Aliquippa Municipal Authority, in an interview with TribLive news partner WTAE.
Bible said the hackers targeted a small substation in Racoon Township. They disabled a device that is used to automatically control water levels at the authority's tanks, he said.
Bible did not return phone calls Wednesday to the municipal authority. Aliquippa Mayor Dwan B. Walker also could not be reached for comment.
CISA officials, in their Tuesday advisory, identified equipment hacked at the Pennsylvania utility as a "Unitronics Vision Series PLC with a Human Machine Interface (HMI)."
Unitronics, which is based in Israel and operates a U.S. office in Quincy, Mass., a Boston suburb, did not respond to numerous emails and phone calls this week seeking comment.
Pittsburgh-based Jewish security officials said they also have grappled with cybersecurity issues related to the conflict in the Middle East.
Pro-Palestinian hackers briefly took over the Jewish Federation of Greater Pittsburgh's feed last month on X, the platform formerly known as Twitter. After retaking control hours later, the federation deleted its X account.
The organization, which has offices in South Oakland, said the hack also affected its Facebook account.
"We are aware that the cyber threat environment is elevated right now," federation spokesman Adam Hertzman told TribLive. "So, it's terrible to hear (about Aliquippa) but it's, in some ways, not surprising."
"There are obviously nefarious actors out there targeting a variety of, according to them, related organizations and companies," he added.
Shawn Brokos, a retired FBI veteran who leads Jewish community security efforts for the federation in Pittsburgh, said she's been having "frequent conversations with the FBI" about infrastructure threats.
"We know critical infrastructure connected to the Jewish community is vulnerable right now," she said.
Brokos said the Aliquippa incident was the first incident of its kind she had heard about in the Pittsburgh area.
Government officials, both state and federal, remained tight-lipped Wednesday about investigating what happened in Aliquippa.
CISA "is aware of a reported intrusion into a Pennsylvania water utility," said Eric Goldstein, its executive assistant director for cybersecurity, in a prepared statement. "We are closely engaged with sector and interagency partners to understand this evolving situation and provide any necessary support or guidance."
A spokesman for the state police, which control and supervise the Pennsylvania Criminal Intelligence Center, answered every TribLive question by repeating that police had turned over the investigation to the FBI and the federal Department of Homeland Security.
"Our involvement was minimal," police spokesman Myles Snyder said.
The FBI also was also silent.
"We cannot confirm nor deny the existence of an investigation," said Catherine Coennen, the FBI spokeswoman in the Pittsburgh office.
© 2023 The Tribune-Review (Greensburg, Pa.). Distributed by Tribune Content Agency, LLC.
