{ "id": "1e9a4ad1-c9ca-438a-9652-8eb7f6e639f9", "created_at": "2026-04-06T00:09:51.030336Z", "updated_at": "2026-04-10T03:25:41.228459Z", "deleted_at": null, "sha1_hash": "570d48403d77e93728df5a6655f96fa326cca58d", "title": "Two-day water outage in remote Irish region caused by pro-Iran hackers", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 86851, "plain_text": "Two-day water outage in remote Irish region caused by pro-Iran\r\nhackers\r\nBy Alexander Martin\r\nPublished: 2023-12-11 · Archived: 2026-04-05 14:31:58 UTC\r\nResidents of a remote area on Ireland’s west coast were left without water last week due to a cyberattack\r\nperpetrated by a pro-Iran hacking group targeting a piece of equipment the hackers complained was made in\r\nIsrael.\r\nThe incident affected a private group water scheme in the rural Erris area of County Mayo, which has a total\r\npopulation of around 8,000 people spread out over just under 1,000 square kilometers — about 0.5% the\r\npopulation of Manhattan in an area 20 times its size.\r\n“The attack saw outages for approximately 160 households over two days, and was as a result of the exploitation\r\nof a vulnerability in a particular type of programmable logic controller,” a spokesperson for Ireland’s Department\r\nof the Environment, Climate and Communications (DECC) told Recorded Future News on Monday.\r\nThe spokesperson added: “This exploitation was carried out on a global basis, and there is no suggestion that\r\nservices in Ireland were specifically targeted. The NCSC [National Cyber Security Centre] and An Garda\r\nSíochána are engaging with the affected entity.”\r\nThe incident appears to be the latest perpetrated by the Cyber Av3ngers group, who local media reported had left a\r\nmessage on the affected computer network saying it had been conducted because the water system used the Israel-made Unitronics tool.\r\nThe Irish government said that the country’s NCSC has now “identified all of the equipment in Ireland vulnerable\r\nto this attack, and notified the owners.”\r\nLast month, the U.S. federal government warned that it was responding to the active exploitation of Unitronics\r\nprogrammable logic controllers (PLCs) that are used by many organizations in the water sector.\r\nThe same PLCs are likely in use in other industries, including energy, food and beverage manufacturing, and\r\nhealthcare. The devices are often exposed to the internet due to the remote nature of their control and monitoring\r\nfunctionalities, authorities and cybersecurity researchers have said.\r\nAmong those affected in the U.S. was the Municipal Water Authority of Aliquippa — which serves thousands of\r\ncustomers in communities northwest of Pittsburgh — although in that instance there was no loss of water service.\r\nThe attacks followed just a month after Republican lawmakers and water industry companies forced the U.S.\r\nEnvironmental Protection Agency (EPA) to back off efforts to add cybersecurity to annual state-led Sanitary\r\nSurvey Programs that evaluate water systems across the U.S.\r\nhttps://therecord.media/water-outage-in-ireland-county-mayo\r\nPage 1 of 3\n\nLawsuits against the rules were backed by two powerful industry groups — the American Water Works\r\nAssociation and the National Rural Water Association— which argued that the EPA should allow utilities to create\r\ntheir own requirements.\r\nOn Monday, the U.S. Cybersecurity and Infrastructure Security Agency added the Unitronics bug to its Known\r\nExploited Vulnerabilities catalog, assigning it CVE-2023-6448.\r\nThe advisory warned that “Unitronics Vision Series PLCs and HMIs [Human Machine Interfaces] use default\r\nadministrative passwords.”\r\n“An unauthenticated attacker with network access to a PLC or HMI can take administrative control of the\r\nsystem,” the agency said.\r\nGet more insights with the\r\nRecorded Future\r\nIntelligence Cloud.\r\nLearn more.\r\nNo previous article\r\nNo new articles\r\nhttps://therecord.media/water-outage-in-ireland-county-mayo\r\nPage 2 of 3\n\nAlexander Martin\r\nis the UK Editor for Recorded Future News. He was previously a technology reporter for Sky News and a fellow\r\nat the European Cyber Conflict Research Initiative, now Virtual Routes. He can be reached securely using Signal\r\non: AlexanderMartin.79\r\nSource: https://therecord.media/water-outage-in-ireland-county-mayo\r\nhttps://therecord.media/water-outage-in-ireland-county-mayo\r\nPage 3 of 3", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "references": [ "https://therecord.media/water-outage-in-ireland-county-mayo" ], "report_names": [ "water-outage-in-ireland-county-mayo" ], "threat_actors": [ { "id": "daf2219f-08f1-44ef-9245-9a062ceff7a4", "created_at": "2023-11-08T02:00:07.120507Z", "updated_at": "2026-04-10T02:00:03.419124Z", "deleted_at": null, "main_name": "Cyber Av3ngers", "aliases": [], "source_name": "MISPGALAXY:Cyber Av3ngers", "tools": [], "source_id": "MISPGALAXY", "reports": null } ], "ts_created_at": 1775434191, "ts_updated_at": 1775791541, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/570d48403d77e93728df5a6655f96fa326cca58d.pdf", "text": "https://archive.orkl.eu/570d48403d77e93728df5a6655f96fa326cca58d.txt", "img": "https://archive.orkl.eu/570d48403d77e93728df5a6655f96fa326cca58d.jpg" } }