Texas hacking may be first disruption of U.S. water system by Russia
In January, an alert citizen in Muleshoe, Tex., was driving by a park and noticed that a water tower was overflowing. Authorities soon determined the system that controlled the city’s water supply had been hacked. In two hours, tens of thousands of gallons of water had flowed into the street and drain pipes.
The hackers posted a video online of the town’s water-control systems and a nearby town being manipulated, showing how they reset the controls. In the video on the messaging platform Telegram, they called themselves Cyber Army of Russia Reborn (CARR).
“We’re starting another raid on the USA,” the video caption reads in Russian, with the hackers saying they would show how they exploited “a couple critical infrastructure facilities, namely water supply systems.” It was followed by a smiley face emoji.
That water tank overflow in a Texas panhandle town may well be linked to one of the most infamous Russian government hacking groups, the cybersecurity firm Mandiant said Wednesday.
If confirmed, analysts say it would mark a worrisome escalation by Moscow in its attempts to disrupt critical U.S. infrastructure by targeting one of its weakest sectors: water utilities.
The hacking group, which private sector analysts once dubbed Sandworm, has achieved notoriety for briefly turning out the lights in parts of Ukraine at least three different times; hacking the Olympics Opening Games in South Korea in 2018; and launching NotPetya, one of the most damaging cyberattacks ever, which cost businesses worldwide tens of billions of dollars.
Although no one was hurt and service was not interrupted in Muleshoe, the prospect of Sandworm broadening its sights from Ukrainian power grids and French elections to American critical infrastructure is troubling, Mandiant chief analyst John Hultquist said.
The U.S. government assesses Sandworm to be part of the GRU, Russia’s military spy agency.