Florida’s St. Johns River Water Management District confirmed a recent cyberattack, adding to concerns about nation-state threats to critical infrastructure nationwide.
The agency, responsible for managing the state’s water resources, identified suspicious activity and implemented containment measures. The attack comes amidst warnings from U.S. officials about Iranian hackers targeting Unitronics programmable logic controllers (PLCs) used in water treatment plants.
At least 10 water facilities across the U.S. have been targeted, raising concerns about the vulnerability of critical infrastructure. Hackers linked to the Iranian government’s Islamic Revolutionary Guard Corps (IRGC) are exploiting default credentials in Unitronics devices and disrupting operations. A cybersecurity advisory urges water utilities to secure their systems and update firmware to avoid potential attacks.
The St. Johns River Water Management District does not have direct control over individual water utility technology. The hackers behind the attacks have pledged to target entities with ties to Israel and boast of attacks on Israeli water treatment plants. At least 539 Unitronics PLCs remain exposed to the internet, putting them at risk. This incident highlights the growing need for robust cybersecurity measures to protect critical infrastructure from nation-state attacks.