A hack that caused a small Texas town’s water system to overflow in January has been linked to a shadowy Russian hacktivist group, the latest case of a US public utility becoming a target of foreign cyberattacks. The attack was one of three on small towns in the rural Texas Panhandle. Local officials said the public was not put in any danger and the attempts were reported to federal authorities. “There were 37,000 attempts in four days to log into our firewall,” said Mike Cypert, City Manager of Hale Center, which is home to about 2,000 residents. The attempted hack failed as the city “unplugged” the system and operated it manually, he added.
In Muleshoe, about 60 miles to the west and with a population of about 5,000, hackers caused the water system to overflow before it was shut down and taken over manually by officials, city manager Ramon Sanchez reported. “The incident was quickly addressed and resolved,” Sanchez said in a statement, according to KAMC-TV. “The city’s water disinfectant system was not affected, and the public water system nor the public was in any danger.”
See: https://redskyalliance.org/xindustry/little-cybersecurity-funds-for-rural-water-systems
At least one of the attacks was linked to a shadowy Russian hacktivist group that it said could be working with or part of a Russian military hacking unit. The group, calling itself CyberArmyofRussia_Reborn, claimed responsibility for January 2024 attacks on water facilities in the United States and Poland that got little attention at the time. Cybersecurity researchers say CyberArmyofRussia_Reborn was among groups suspected of Russian government ties that engaged last year in low-complexity attacks against Ukraine and its allies, including Denial-of-Service (DoS) data barrages that temporarily knock websites offline.
Sometimes such groups claim responsibility for attacks that were actually carried out by Kremlin military intelligence hackers, Microsoft reported in December 2023. Cypert, the Hale Center City Manager, said he has turned information over to FBI and the Department of Homeland Security. The FBI declined to comment, and the Cybersecurity and Infrastructure Security Agency, a branch of DHS, referred questions to the cities that were targeted.
In Lockney, about 25 miles east of Hale Center and home to around 1,500 people, cyber attackers were sopped before they could access that town’s water system, city manager Buster Poling said. “It didn’t cause any problems except being a nuisance,” Poling said.
In 2023 CISA put out an advisory following November 2023 hacks on US water facilities attributed to Iranian state groups who said they were targeting facilities using Israeli equipment. Deputy national security adviser Anne Neuberger said in December 2023 that attacks by Iranian hackers as well as other ransomware attacks on the health care industry should be seen as a ‘call to action’ by utilities and industry to tighten cybersecurity.
See: https://redskyalliance.org/xindustry/us-infrastructure-plan-lacking-cyber-security
In March 2024, Environmental Protection Agency Administrator Michael S. Regan and Jake Sullivan, assistant to the president for National Security Affairs, sent a letter to the nation’s governors asking them to take steps to protect the water supply, including assessing cybersecurity and planning for a cyberattack. “Drinking water and wastewater systems are an attractive target for cyberattacks because they are a lifeline critical infrastructure sector but often lack the resources and technical capacity to adopt rigorous cybersecurity practices,” Regan and Sullivan wrote.
This article is presented at no charge for educational and informational purposes only.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments, or assistance, please get in touch with the office directly at 1-844-492-7225 or feedback@redskyalliance.com
Reporting: https://www.redskyalliance.org/
Website: https://www.redskyalliance.com/
LinkedIn: https://www.linkedin.com/company/64265941
Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings
https://register.gotowebinar.com/register/5378972949933166424
Comments