Russia-linked hackers claim cyberattacks on U.S., French and Polish water utilities
A politically motivated hacking group behind a recent series of cyberattacks on water systems in the United States, Poland and France is now believed to be connected to the Russian military, researchers at security firm Mandiant warned Wednesday.
Why it matters: Water systems remain one of the most digitally insecure critical infrastructures, and a successful attack could allow hackers to tamper with drinking water and wastewater management.
Driving the news: Google Cloud-owned Mandiant said in a report Wednesday that a notorious Russian military hacking team known as Sandworm appears to have a direct relationship with several pro-Russia hacktivist groups.
- One of those is the Cyber Army of Russia, which has claimed responsibility for several cyberattacks on water systems this year.
- Sandworm is believed to have the ability to “direct and influence” the Cyber Army of Russia’s activities, per Mandiant.
Zoom in: In January, the Cyber Army of Russia posted in its Telegram channel that it had manipulated systems that control water supplies in several Texan towns and a wastewater utility in a Polish village.
- One such cyberattack in Muleshoe, Texas, resulted in hackers overflowing a water tower, sending tens of thousands of gallons of water into the street and drain pipes, per The Washington Post.
- Two other Texas towns also detected malicious activity on their networks around the same time as the Muleshoe attack, CNN reports.
- In March, the same hacking group shared a different video claiming it had broken into a French hydroelectric power station and could manipulate water levels.
Yes, but: Mandiant could not verify whether Sandworm was directly involved in these specific water system cyberattacks.
- A French newspaper reported Wednesday that the Russian hackers had targeted a French mill when they believed they were hacking into a hydroelectric dam.
The big picture: U.S. water systems have become a prime hacking target in recent years.
- Last fall, Iran-linked hackers broke into at least six U.S. water utilities.
- In November, a North Texas water utility serving 2 million people faced a cyberattack that hindered some operations.
Between the lines: However, the new suspected Russian cyberattacks would mark the first time that the Russian government has shown an interest in targeting U.S. water supplies.
- Sandworm has been tied to attacks on Ukrainian telecom providers and the campaign of French President Emmanuel Macron.
- Sandworm was also behind the notorious NotPetya malware attack that affected companies around the world and caused more than $1 billion in damages.
Zoom out: Water systems often lack the funding and human resources to maintain and practice basic cybersecurity.
- Last month, the White House and Environmental Protection Agency sent a letter to U.S. governors asking them to make water cybersecurity a top priority, according to CNN.