• Home
  • cyber
  • Aliquippa Water Utility and Unitronics: Tech in Asia - Connecting Asia's startup ecosystem
cyber Cyber Attack

Aliquippa Water Utility and Unitronics: Tech in Asia - Connecting Asia's startup ecosystem

Feb 9, 2026 2 min read
Aliquippa Water Utility and Unitronics: Tech in Asia - Connecting Asia's startup ecosystem

Cyberattack on U.S. Water Utility Highlights Critical Infrastructure Vulnerabilities

A recent cyberattack targeted a small water utility in Aliquippa, Pennsylvania, disrupting operations and exposing gaps in the security of U.S. critical infrastructure. The incident, which occurred in late November 2023, involved the hacking of a booster station used to regulate water pressure in the town’s system.

The attack was attributed to an Iranian-linked hacking group known as Cyber Av3ngers, which claimed responsibility for compromising the facility’s industrial control system (ICS). The group exploited a default password vulnerability in Unitronics programmable logic controllers (PLCs), a widely used component in water and wastewater management systems. While no physical damage or contamination was reported, the breach forced manual operation of the affected station, underscoring the risks of inadequate cybersecurity in essential services.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory in response, warning other utilities about the threat and urging immediate action to secure vulnerable systems. The attack follows a pattern of increasing cyber threats to water facilities, including a 2021 incident in Florida where hackers attempted to poison a city’s water supply by manipulating chemical levels.

This incident serves as a stark reminder of the growing sophistication of state-sponsored and criminal cyber actors targeting critical infrastructure, with potential consequences for public safety and national security.

Source: https://www.techinasia.com/news/singapore-telcos-hit-cyberattack-data-leaked

LB Water cybersecurity rating report: https://www.rankiteo.com/company/lb-water-service-inc

Unitronics - PLC & Automation products cybersecurity rating report: https://www.rankiteo.com/company/unitronics_2

"id": "LB-UNI1770623869",
"linkid": "lb-water-service-inc, unitronics_2",
"type": "Cyber Attack",
"date": "2/2026",
"severity": "100",
"impact": "7",
"explanation": "Attack that could injure or kill people"
{'affected_entities': [{'industry': 'Critical Infrastructure / Water '
                                    'Management',
                        'location': 'Aliquippa, Pennsylvania, USA',
                        'name': 'Aliquippa Water Utility',
                        'size': 'Small',
                        'type': 'Water utility'}],
 'attack_vector': 'Exploitation of default password vulnerability',
 'date_detected': '2023-11',
 'description': 'A recent cyberattack targeted a small water utility in '
                'Aliquippa, Pennsylvania, disrupting operations and exposing '
                'gaps in the security of U.S. critical infrastructure. The '
                'incident involved the hacking of a booster station used to '
                'regulate water pressure in the town’s system. The attack was '
                'attributed to an Iranian-linked hacking group known as Cyber '
                'Av3ngers, which exploited a default password vulnerability in '
                'Unitronics programmable logic controllers (PLCs). While no '
                'physical damage or contamination was reported, the breach '
                'forced manual operation of the affected station.',
 'impact': {'operational_impact': 'Forced manual operation of the affected '
                                  'station',
            'systems_affected': 'Booster station (industrial control system)'},
 'lessons_learned': 'Highlights risks of inadequate cybersecurity in critical '
                    'infrastructure and the growing sophistication of '
                    'state-sponsored cyber threats.',
 'motivation': 'State-sponsored (Iran-linked)',
 'post_incident_analysis': {'root_causes': 'Exploitation of default password '
                                           'vulnerability in Unitronics PLCs'},
 'recommendations': 'Immediate action to secure vulnerable systems, especially '
                    'those using default passwords in industrial control '
                    'systems.',
 'references': [{'source': 'U.S. Cybersecurity and Infrastructure Security '
                           'Agency (CISA)'}],
 'regulatory_compliance': {'regulatory_notifications': 'CISA advisory issued'},
 'stakeholder_advisories': 'CISA issued an advisory warning other utilities '
                           'about the threat.',
 'threat_actor': 'Cyber Av3ngers',
 'title': 'Cyberattack on U.S. Water Utility Highlights Critical '
          'Infrastructure Vulnerabilities',
 'type': 'Cyberattack',
 'vulnerability_exploited': 'Default password in Unitronics programmable logic '
                            'controllers (PLCs)'}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.