Russia-backed hacking group suspected of attack on US water system

midian182

In brief: Russia is believed to have carried out its first attack on a US water system following an incident in a small Texas town. Sandworm, which has ties with Vladimir Putin's government, is suspected of a hack that caused a water tower to overflow.

In January, a resident in the small town of Muleshoe, north Texas, noticed that a water tower was overflowing. Tens of thousands of gallons of water flowed into the streets and drains in what the authorities determined was due to the water supply control system being hacked.

The Washington Post reports that the hackers posted a video on Telegram of the town's water-control systems and a nearby town being manipulated, showing how they hacked it and reset the controls. The attackers called themselves the Cyber Army of Russia Reborn (CARR).

"We're starting another raid on the USA," the video caption reads in Russian.

Muleshoe's city manager, Ramon Sanchez, said the hackers brute-forced the password for the system's control system interface, which was run by a vendor. The password hadn't been changed in more than a decade. At least two other towns in the area that were subjected to attempted hacks used the same vendor.

Google-owned cybersecurity company Mandiant said that the Russian government-backed group Sandworm was likely behind the attack. The group, suspected to be part of Russia's GRU spy agency, has been supporting Russia's military campaign in Ukraine. Sandworm has disrupted the country's energy grid at least three times (even before Russia invaded the country), hacked the Olympic Games in South Korea in 2018, run spear phishing campaigns aimed at disrupting the 2017 French elections, and launched the notorious NotPetya ransomware that caused global chaos in 2017.

Mandiant says that social media accounts were created on YouTube for CARR using servers associated with Sandworm. It also observed CARR posting data stolen from the Ukrainian government by Sandworm hackers.

The US charged six Russian intelligence officers believed to be part of Sandworm in 2020 over various crimes, including the creation of NotPetya and disrupting the 2016 US presidential elections.

This isn't the only attack on a US water facility by a foreign adversary. There was a cyberattack on a Pennsylvania water plant in November that US officials blamed on Iran. It took advantage of a default manufacturer password on certain operational technology that had not been changed.

The incidents have led to calls from national security adviser Jake Sullivan for the country's 150,000 public water systems to boost their defenses against hacks.

Masthead: Nils Huenerfuerst

 
Some people familiar with USSR claim that international terrorism went down when USSR fell apart.
I think a lot of problems, hacker groups, and conflict can be gone when Russia falls apart again. Seriously, they have so much in their earth, metals, minerals, they could build a beautiful European country not once but twice.
All wasted on less than 200 men controlling most wealth owning both land and lives. A lot of Russians who sign into the army can use internet, and they understand well what their chances are to die or become disabled. But poverty in smaller cities is so bad that they happily take this chance. And it is not poverty alone, it is being trained like animals. Trained to obey, trained to not protest and self-organize for pretty much any social service. This regime that Putin has been quietly building over 20 years is something like a horrible monster wearing human skin. The west convinced itself it is a human indeed even though the pieces of dead skin were falling off time to time, in 1994, then 2008, 2014, and 2022 when the monster dropped its dead skin proudly doing war crimes as horrible as those committed in WW2.
Every last ordinary Russian is a slave, an obedient tool to the regime. And every last of them would be better off if Russia stopped existing in its current borders. It would be even better if someone "kindly" took away every last of their nukes, tanks, and AK47.
It is a shame civilized world pretended they do not see what Russia is doing for so long. It literally took invading a peaceful neighboring country and committing horrible war crimes to actually enable real sanctions on her. Every last human on the planet will benefit from Russia being no more. They will never stop attacking smaller countries, poisoning people, trying to do damage to things like this water supply system. And the best or maybe worst yet, there is a way to end it. The way lies in giving the nation that stands against alone between it and civilized world for the last 2.5 years.
Long live Ukraine, and may Russia find peace, in pieces.
 
There was a time when our CIA had enough assets within Russia to directly deal with these trouble makers. We need to once again re-build the agency and let them do their job so the rest of the world would be a safer place AND be sure they are not focusing on domestic targets which are NOT part of their mission.
 
Further proof that certain items (especially if tied to say water, power and natural gas) have no use or benefit being connected to the internet.

That's so stupid to write.

You can control things remotely, which is a good thing and does not need a person to be in a place for 24/7

The bad thing is that it's hooked bad onto the internet, used an outdated and never changed password, and was being brute-forced for weeks months.

The whole security setup implementation was just wrong.

If they would have allowed access control, so who gains access to the login panel for example and ONLY over a VPN by staff, the situation would have looked completely different.

 
The idea that connecting to the internet is a problem is only true if they're connecting to the public internet. There's simply no reason to do that. There are methods that can totally isolate a WAN and the only downside is extra cost. Which is the real problem. Security will always take a back seat to keeping costs down, with eventual results as shown...
 
What other Internet is there?
The internet is simply computers and routers connected by IP numbers and the DNS servers that convert domain names into those numbers. There are other networks using the same backbone who are not publicly accessible. The dark web is a perfect example.
 
The internet is simply computers and routers connected by IP numbers and the DNS servers that convert domain names into those numbers. There are other networks using the same backbone who are not publicly accessible. The dark web is a perfect example.
But when most people think of the Internet, they think of the public Internet.
 