MWAA 2023 Water Utility Red vs. Blue scenario

Summary

The Municipal Water Authority of Aliquippa (MWAA) cyberattack from November 2023 is a significant incident that highlights the vulnerabilities in critical water infrastructure.

Here is the AutoTableTop™ scenario that has more details associated with the document:

MWAA

Red vs. Blue Scenario

Here is the mission briefing within Red vs. Blue:

A municipal water authority reported on November 25 of 2023 that one of their booster stations was compromised, leading to a temporary shutdown of its automated systems. The alleged attack vector had been the compromise of an internet-exposed HMI via the use of default credentials or password guessing, which enabled the attackers to gain control over a PLC. The threat actors then proceeded to abuse a vulnerability (CVE-2023-2003) to have the device display the message “You have been hacked. Down with Israel. Every equipment [sic] “made in Israel” is a Cyber Av3ngers legal target.” The attack was quickly identified and the PLC was disabled, switching to manual operation. No harm was reported to local residents reliant on the water supply.

Your mission is to secure this water treatment and pump station by improving your defenses, reducing risk by implementing policies and managing and procuring staff and budget. Much like Cyber Av3ngers, the threat actors are always looking for a way in. Will you identify weak and default credentials in your environment to prevent an incident like this or use any of the other tools at your disposal? Only time will tell…


You can win the game by doing any of the following:
eliminating all vulnerabilities within the assets on the network
increasing the threat intelligence score to 100%
outlasting the Red Team when the turns expire

THREATGEN Support Staff (specifically Grzegorz Piekarski)

And here is the network map that you will be working with as the Blue Team:

MWAA network map used within ThreatGEN® Red vs. Blue

Copyright © 2025 by Derezzed Inc. D/B/A ThreatGEN.
