The Municipal Water Authority of Aliquippa in Pennsylvania faced a cyberattack targeting an industrial control system (ICS) associated with water pressure regulation, with hackers taking control of a Unitronics Vision system, a programmable logic controller (PLC) and human-machine interface (HMI). Cyber Av3ngers, an anti-Israel group possibly linked to Iran, claimed responsibility, exploiting known vulnerabilities in the Unitronics PLC and the widespread issue of poorly secured HMIs accessible via the internet. CISA attributed the breach to weak password security and internet exposure rather than specific vulnerabilities, typical of hacktivist tactics targeting easily accessible vulnerabilities. To safeguard Unitronics PLCs, CISA advised changing default passwords, implementing multi-factor authentication, securing remote access, avoiding direct internet exposure, backing up configurations, altering default ports, and applying device updates. These attacks on water utilities underscore the critical need for enhanced cybersecurity measures in the water and wastewater sector, as emphasized by CISA’s free vulnerability scanning service aimed at protecting such critical systems from cyber threats.