In brief: Russia is believed to have carried out its first attack on a US water system following an incident in a small Texas town. Sandworm, which has ties with Vladimir Putin's government, is suspected of a hack that caused a water tower to overflow.
In January, a resident in the small town of Muleshoe, north Texas, noticed that a water tower was overflowing. Tens of thousands of gallons of water flowed into the streets and drains; the authorities determined that the water supply control system had been hacked.
The Washington Post reports that the hackers posted a video on Telegram showing the water-control systems of the town and a nearby town being manipulated, demonstrating how they hacked them and reset the controls. The attackers called themselves the Cyber Army of Russia Reborn (CARR).
"We're starting another raid on the USA," the video caption reads in Russian.
Muleshoe's city manager, Ramon Sanchez, said the hackers brute-forced the password for the control system interface, which was run by a vendor. The password hadn't been changed in more than a decade. At least two other towns in the area that were subjected to attempted hacks used the same vendor.
Google-owned cybersecurity company Mandiant said that the Russian government-backed group Sandworm was likely behind the attack. The group, suspected to be part of Russia's GRU spy agency, has been supporting Russia's military campaign in Ukraine. Sandworm has disrupted Ukraine's energy grid at least three times (even before Russia invaded the country), hacked the Olympic Games in South Korea in 2018, run spear phishing campaigns aimed at disrupting the 2017 French elections, and launched the notorious NotPetya ransomware that caused global chaos in 2017.
Mandiant says that social media accounts were created on YouTube for CARR using servers associated with Sandworm. It also observed CARR posting data stolen from the Ukrainian government by Sandworm hackers.
In 2020, the US charged six Russian intelligence officers believed to be part of Sandworm over various crimes, including the creation of NotPetya and disrupting the 2016 US presidential elections.
This isn't the only attack on a US water facility by a foreign adversary. There was a cyberattack on a Pennsylvania water plant in November that US officials blamed on Iran. It took advantage of a default manufacturer password on certain operational technology that had not been changed.
The incidents have led to calls from national security adviser Jake Sullivan for the country's 150,000 public water systems to boost their defenses against hacks.