The US cybersecurity agency CISA on Wednesday reiterated a warning that unsophisticated methods can be used to hack industrial control systems (ICS) and other operational technology (OT). Even so, some threat actors appear to be making exaggerated claims when it comes to attacks on such systems.

A pro-Israel hacktivist group known as Red Evil and We Red Evils — known to target Hamas, Lebanon and Iran — this week claimed to have compromised water systems used by Hezbollah, the Lebanese political party and paramilitary group.

Specifically, the hackers claimed they had received intelligence on the water systems used by Hezbollah for its underground bases in Lebanon. The threat actor claimed to have taken control of supervisory control and data acquisition (SCADA) software associated with 14 water facilities in southern Lebanon and Beirut, and managed to change chlorine levels, suggesting that the goal was to cause harm to Hezbollah members.

The claims come less than two weeks after pagers and other communication devices used by Hezbollah members exploded in what is believed to be an Israeli operation targeting the group. 

It’s not uncommon for hacktivists to claim that they have or could have caused significant damage after taking control of ICS. Human-machine interfaces (HMIs) and programmable logic controller (PLC) administration interfaces are often left exposed to the internet and are either completely unprotected or accessible with easy-to-guess default passwords.

While in many cases hackers do in fact gain access to these types of ICS panels, it’s not uncommon for them to exaggerate the potential impact of their attacks. This may the case with the recent Red Evil attacks as well.

Michael Langer, chief product officer at Israeli ICS security company Radiflow, told SecurityWeek that the screenshots posted by the hackers in an attempt to demonstrate their claims don’t provide actual proof. 

Langer noted that it’s indeed possible to easily access internet-exposed HMIs and pointed out that Lebanon is not a country that puts a lot of emphasis on securing its OT systems. Nevertheless, the HMIs targeted by the hackers could be located anywhere in the world — there is no indication that they are associated with systems in Lebanon. In addition, even if they did hack water systems in the country, changing chlorine levels is in many cases not easy. 

“There should be additional physical safety systems as part of standard water station implementation [that should prevent chlorine level changes],” Langer told SecurityWeek. 

Instead of a significant ICS hacking operation, this is more likely an influence/misinformation operation conducted by Red Evil, the expert believes. 

The news came amid reports that Israel may have hacked Lebanon’s telecoms networks to warn civilians via text messages and calls about upcoming attacks targeting Hezbollah buildings in their villages and neighborhoods. 

News of the Red Evil operation coincided with CISA warning that threat actors continue to exploit ICS/OT systems through unsophisticated means, including in the water sector. The agency has urged organizations to review guidance developed following a series of attacks launched in recent years by pro-Russia hacktivists. 

Related: Researcher Says Healthcare Facility’s Doors Hackable for Over a Year

Related: Automatic Tank Gauges Used in Critical Infrastructure Plagued by Critical Vulnerabilities

Related: Unpatched Vulnerabilities Expose Riello UPSs to Hacking: Security Firm