Summary
The Municipal Water Authority of Aliquippa (MWAA) cyberattack from November 2023 is a significant incident that highlights the vulnerabilities in critical water infrastructure.
Here is a the AutoTableTop™ scenario that has more details associated with the document

Red vs. Blue Scenario
Here is the mission briefing within Red vs. Blue:
A municipal water authority reported on November 25 of 2023 that one of their booster stations was compromised, leading to a temporary shutdown of its automated systems. The alleged attack vector had been the compromise of an internet-exposed HMI via the use of default credentials or password guessing, which enabled the attackers to gain control over a PLC. The threat actors then proceeded to abuse a vulnerability (CVE-2023-2003) to have the device display the message “You have been hacked. Down with Israel. Every equipment [sic] “made in Israel” is a Cyber Av3ngers legal target.” The attack was quickly identified and the PLC was disabled, switching to manual operation. No harm was reported to local residents reliant on the water supply.
THREATGEN Support Staff (specifically Grzegorz Piekarski)
Your mission is to secure this water treatment and pump station by improving your defenses, reducing risk by implementing policies and managing and procuring staff and budget. Much like Cyber Av3ngers, the threat actors are always looking for a way in. Will you identify weak and default credentials in your environment to prevent an incident like this or use any of the other tools at your disposal? Only time will tell…
You can win the game by doing any of the following:
eliminating all vulnerabilities within the assets on the network
increasing the threat intelligence score to 100%
outlasting the Red Team when the turns expire
And here is the network map that you will be working with as the Blue Team:

Copyright © 2025 by Derezzed Inc. D/B/A ThreatGEN.