In a report published last week, cybersecurity firm Mandiant said that a hacker group linked to the Russian government has attacked water utilities around the world, including a treatment facility in the north Texas town of Muleshoe.
The hackers were allegedly able to cause a water tank to overflow and waste some water, but did not endanger the health of residents.
Mandiant tracked the exploits of a group designated by security experts as Advanced Persistent Threat (APT) 44. In an online manifesto, the group calls itself “Sandworm” and “Frozen Barents” and describes itself as a group of “hacktivists” who support Russia’s invasion of Ukraine. It also operates under various other aliases and front groups.
Mandiant said APT44 is actually “supported by Russian military intelligence” and operates far beyond the Ukrainian theater. The group is not a loose collection of political activists, but “a dynamic, operationally mature threat actor actively engaged in a full range of espionage, attack, and influence operations,” including interfering in foreign elections.
“While most state-sponsored threat groups tend to specialize in specific missions, such as gathering intelligence, disrupting networks, and conducting information operations, APT44 has focused on honing each of these capabilities and stands out in how it seeks to integrate them over time into an integrated strategy,” Mandiant said.
The report states that APT44 is responsible for “nearly all subversive operations against Ukraine over the past decade,” and has recently shifted its focus to intelligence-gathering operations that could support forward-deployed Russian military units.
However, “Sandworm” does not only directly support the Russian army. Among other malicious activities, the Kremlin appears to be using skills developed in attacks on Ukraine’s infrastructure to carry out exploratory attacks on critical public works in countries the Kremlin considers threats or rivals. At the same time, the Russian military is developing defenses against exactly the kind of sabotage that APT44 pioneered.
According to Mandiant, a group calling itself “CyberArmyofRussia_Reborn” attacked the Muleshoe water treatment plant on January 18 and took credit for the assault on the Telegram messaging platform shortly afterwards. The credit claim was accompanied by a screen capture of what appeared to be compromised water management software.
Mandiant analysts were fairly certain that CyberArmyofRussia_Reborn was a front group or puppet group for APT44, but US intelligence had not yet formally made that determination.
Although this attack was relatively harmless, overflowing the water tank without compromising local water quality, the fact that it succeeded represents a disturbing escalation in cyberwarfare capabilities. Hackers from various countries have been conducting probing operations against infrastructure for years, but they typically do not call attention to themselves. The Texas attacks could also be seen as a warning shot from Moscow that direct attacks on water, power, and other critical infrastructure are no longer beyond the pale.
This hack was far from sophisticated. Three other small towns in Texas also reported break-in attempts on the same night. One of them, Hale Center, reported 37,000 attempts to break into its firewall over a four-day period.
Hale Center City Manager Mike Cypert thwarted the attack by driving to his office, literally disconnecting the city’s water management computers from the internet, running everything manually for several days, and turning over the security logs to the FBI and the Department of Homeland Security (DHS) for investigation. Investigators have traced many of the 37,000 hits on Hale Center’s firewall to a location in St. Petersburg, Russia.
Other towns, Lockney and Abernathy, said they were able to stop the hackers before they could access their city water systems. City officials said the hackers were able to enter city systems through a virtual network connection, but were detected and blocked within 30 seconds, and attempts to change some system passwords were aborted.
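The two things the Hale Center, Lockney and Abernathy accounts describe, a sustained flood of blocked connection attempts against a firewall and a remote login that is immediately followed by attempts to change system passwords, are both visible in ordinary logs. The following is an added example of how a defender might triage such logs; it is not code from the article, from Mandiant, or from any of the towns or vendors named, and the one-line-per-event log format, the event names (FW_DENY, REMOTE_LOGIN, PASSWD_CHANGE) and the sample data are all constructed for illustration.

```python
"""Triage constructed firewall and remote-access log lines for two patterns:
(1) one source generating a sustained burst of blocked connection attempts,
and (2) a remote login followed within minutes by password-change attempts
from the same source.  Example code, not from the article or any vendor.
Assumed log format (constructed): '<ISO timestamp> <EVENT> key=value ...'."""
from collections import defaultdict
from datetime import datetime, timedelta


def parse_line(line):
    """Parse one 'ISO-timestamp EVENT key=value ...' line into a dict."""
    parts = line.split()
    rec = {"ts": datetime.fromisoformat(parts[0]), "event": parts[1]}
    for kv in parts[2:]:
        key, _, value = kv.partition("=")
        rec[key] = value
    return rec


def parse_log(text):
    """Parse a whole log text, skipping blank lines."""
    return [parse_line(ln) for ln in text.splitlines() if ln.strip()]


def flag_scanning_sources(events, threshold=50, window=timedelta(hours=1)):
    """Return {src: peak_count} for sources whose FW_DENY events reach
    `threshold` within any span of length `window` (sliding window per source).
    Counting per source over a window, rather than totals, separates a
    hammering scanner from a misconfigured but harmless neighbour."""
    by_src = defaultdict(list)
    for e in events:
        if e["event"] == "FW_DENY":
            by_src[e["src"]].append(e["ts"])
    flagged = {}
    for src, times in by_src.items():
        times.sort()
        left, peak = 0, 0
        for right, t in enumerate(times):
            while t - times[left] > window:  # shrink window from the left
                left += 1
            peak = max(peak, right - left + 1)
        if peak >= threshold:
            flagged[src] = peak
    return flagged


def flag_login_then_password_change(events, window=timedelta(minutes=5)):
    """Return [(src, user, seconds_after_login)] for every PASSWD_CHANGE that
    follows a REMOTE_LOGIN from the same source within `window`."""
    logins = [e for e in events if e["event"] == "REMOTE_LOGIN"]
    changes = [e for e in events if e["event"] == "PASSWD_CHANGE"]
    hits = []
    for lg in logins:
        for ch in changes:
            delta = ch["ts"] - lg["ts"]
            if ch["src"] == lg["src"] and timedelta(0) <= delta <= window:
                hits.append((lg["src"], ch.get("user", "?"), int(delta.total_seconds())))
    return hits


def build_sample_log():
    """Constructed sample data (not real traffic): one source sending a blocked
    connection every 30 s for two hours, one benign source with three denies,
    and a remote login followed 20 s later by two password-change attempts."""
    start = datetime(2024, 1, 18, 2, 0, 0)
    lines = []
    for i in range(240):
        ts = (start + timedelta(seconds=30 * i)).isoformat()
        lines.append(f"{ts} FW_DENY src=198.51.100.7 dport={22 if i % 2 else 443}")
    for i in range(3):
        ts = (start + timedelta(minutes=10 * i)).isoformat()
        lines.append(f"{ts} FW_DENY src=192.0.2.44 dport=3389")
    login = start + timedelta(hours=3)
    lines.append(f"{login.isoformat()} REMOTE_LOGIN src=198.51.100.7 user=operator")
    lines.append(f"{(login + timedelta(seconds=20)).isoformat()} PASSWD_CHANGE src=198.51.100.7 user=operator result=denied")
    lines.append(f"{(login + timedelta(seconds=25)).isoformat()} PASSWD_CHANGE src=198.51.100.7 user=admin result=denied")
    return "\n".join(lines)


if __name__ == "__main__":
    evts = parse_log(build_sample_log())
    print("sources exceeding deny threshold:", flag_scanning_sources(evts))
    print("login followed by password changes:", flag_login_then_password_change(evts))
```

On the constructed sample the first check flags 198.51.100.7 with a peak of 121 blocked attempts in one hour while leaving 192.0.2.44 alone, and the second check lists the two password-change attempts that came 20 and 25 seconds after that source's remote login. Thresholds are deliberately parameters: a town utility with a handful of legitimate remote users can set them far lower than a large enterprise, and anything flagged should be preserved alongside the raw logs, since, as Hale Center did, the logs are what investigators will ask for.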
“It didn’t cause any problems other than being a nuisance,” Lockney City Manager Buster Pauling said.
The front group that reportedly attacked the Muleshoe water treatment plant also claims to have carried out similar attacks in France, and security researchers believe it also sabotaged a water treatment plant in Poland.
“This is the nightmare scenario for many defense experts. Bad actors and nation-states no longer need to rely on bullets and missiles. [...] could be tampered with or shut down,” said Bob Huber, chief security officer at Tenable, another cybersecurity company.
“OT” stands for Operational Technology, the computer systems that control industrial and utility equipment.
In March, the Environmental Protection Agency (EPA) and the National Security Agency (NSA) warned state governors that foreign hackers were attempting to sabotage water and wastewater facilities across the United States.
“These attacks can disrupt critical lifelines of clean, safe drinking water and impose significant costs on affected communities,” the EPA and NSA warned.
The alert points out that Iranian and Chinese hackers are likely culprits, and that the attacks are of enormous scale. One example of this threat is the Chinese cyber espionage campaign known as “Volt Typhoon.” Both Iranian and Chinese state-backed hackers have been attacking U.S. public systems over the past six months.
“The water sector is resource-poor and under siege from three fronts: now Iran, China and Russia,” said John Hultquist, principal analyst at Mandiant Intelligence, when the report on the Muleshoe hack was released.
Andy Bennett, a former Texas state cybersecurity official and chief technology officer at Apollo Information Systems, said Axis of Oppression hackers often work in small towns to hone their skills before tackling larger targets, and speculated that the attacks on these systems might also be intended to instill fear in rural communities.
“Small towns in America feel safe, but when their water supply is compromised, that goes back to normal,” Bennett told Bloomberg News.