Iranian Hackers use IOCONTROL malware to target OT, IoT Devices in US, Israel

A notorious Iranian state-sponsored hacking group, CyberAv3ngers, has been using custom-built malware (IOCONTROL) to target IoT and operational technology (OT) devices in the United States and Israel, according to cybersecurity firm Claroty. The group claims to be a hacktivist group, but the US Government and others have linked it to Iran’s Islamic Revolutionary Guard Corps (IRGC).?

According to Claroty, the IOCONTROL malware is a cyberweapon used by Iran to attack civilian critical infrastructure, including IoT, ICS and other OT devices, including IP cameras, routers, SCADA systems, PLCs, HMIs, and firewalls from vendors such as a Baicells, D-Link, Hikvision, Red Lion, Orpak, Phoenix Contact, Teltonika, and Unitronics.?

CyberAv3ngers has targeted industrial control systems (ICS) at water facilities in Ireland and the United States, including a water utility in Pennsylvania. In the Ireland attack, the hackers’ actions caused serious disruptions that led to the water supply being cut off for two days. Noteworthy, is that the attacks did not involve sophisticated hacking and instead relied on the fact that many organizations leave ICS exposed to the Internet and protected with default credentials that can be easily obtained.??????

The US Government is offering a reward of up to $10 million for information on CyberAv3ngers, which it has described as a persona used by the Iranian government to conduct malicious cyber activities.??

Read more here.

?