Iran-aligned hacktivists Cyber Av3ngers compromised operations at a Pennsylvania water authority last weekend.

Known for targeting critical infrastructure, the group took partial control of a Municipal Water Authority of Aliquippa water booster station. Officials with the authority, which serves approximately 7,000 households in and around Aliquippa, said the attack did not affect its drinking water supply or treatment operations.

The group claiming responsibility was reportedly targeting systems made by Israeli company Unitronics and made similar global attacks recently at nearly a dozen stations in Israel.

Steve Disney, executive director of the Bradford City Water and Bradford Sanitary authorities, confirmed the equipment and systems compromised in Aliquippa are not those used in operations here.

“Both authorities take protecting our critical infrastructures very seriously and have made significant investments over the last several years on hardware and software upgrades as well as continuous firewall and security patches to combat potential threats and attacks,” Disney said.

Further, he explained the Bradford City Water Authority and Bradford Sanitary Authority enforce proper cybersecurity practices such as multi-factor authentication (MFA), network monitoring, requirements for password complexity, local and off-site backups and quarterly training for employees.

“The Bradford City Water Authority and Bradford Sanitary Authority are very aware of the ongoing and ever-changing cybersecurity threat landscape that we live in today,” Disney stated.

He said both authorities are active members of the Pennsylvania Water/Wastewater Agency Response Network (PaWARN) — a mutual aid network established for utilities that have sustained damage. Member water or water-treatment plants incurring physical damage or operational disruptions from natural or man-made events — such as cybersecurity attacks — can obtain emergency assistance whether personnel, equipment or materials.

Disney added authority personnel routinely receive alerts, messages and threat updates and “participate in a wealth of cyber-training sessions from PaWARN, Pennsylvania Rural Water Association and The Pennsylvania Municipal Authorities Association.”

Meanwhile, the authorities ask the community to remain vigilant and aware of surroundings.

“If you see something that appears to be suspicious, individuals trespassing on authority properties, or a security threat to water and wastewater infrastructure, please call 911 immediately,” he said.

The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation’s Pittsburgh field office are assisting Pennsylvania State Police with the criminal investigation in Aliquippa.