A suspected Russian government-linked hacking group targeted a Texas water facility in January in an attack that led to the overflow of a tank, according to reports by a leading US cybersecurity firm, Mandiant. This cyber incursion into the water systems of Muleshoe, Texas, highlights the growing cybersecurity vulnerabilities in the nation’s public water systems, echoing concerns raised by US national security adviser Jake Sullivan about the necessity for improved cyber defenses across such critical infrastructure.
An examination of cybersecurity firm reports and official statements paints a disturbing picture of the United States’ cyber vulnerabilities. In what appears to be an escalation in the cyber activities of Russian groups often focused on Ukrainian targets, the hacking group Sandworm, known for its affiliation with Russia’s GRU military intelligence, has been linked to this attack and other suspicious cyber activities.
Muleshoe, with a population of approximately 5,000, experienced the overflow incident after hackers infiltrated a remote login system for industrial software that manages water tanks. The attack did not compromise the drinking water supply but revealed the fragility of public water systems, which, according to officials, have struggled to find the resources to counter persistent hacking threats.
The incident in Muleshoe was not isolated. It set off alarms in nearby towns like Lockney and Hale Center, where officials detected “suspicious activity” on their networks and took preventive measures to thwart any potential breaches.
Sandworm, notorious for disruptive cyberattacks, such as the blackouts in Ukraine in 2015 and 2016, has now been identified by Mandiant as APT 44, a sophisticated threat actor. The group’s reach has extended beyond Ukraine, with disruptive cyber operations linked to the United States, Poland, and France. This places Sandworm at the forefront of national security concerns, as it is considered one of the most capable and dangerous state-backed hacking groups.