A recent advisory from US federal agencies obtained by CNN revealed that pro-Russia hackers have targeted multiple water plants in the US in cyberattacks that have impacted a wider range of victims than previously known. While the attacks have not affected drinking water, they have exposed the vulnerabilities of the thousands of water systems across the country that often lack the resources and personnel to safeguard against threats. The document highlights the urgent need for water authorities to enhance their cybersecurity defenses, echoing a call made by US national security adviser Jake Sullivan in March.
Investigations into the cyberattacks have revealed that the targeted facilities had outdated equipment connected to the internet with weak passwords, making it easy for hackers to breach sensitive networks responsible for water treatment and industrial operations. The advisory, set to be released publicly by the Cybersecurity and Infrastructure Security Agency and the FBI, covers a series of recent cyberattacks carried out by Russian-speaking hackers that have raised concerns due to the hackers’ willingness to infiltrate US industrial plants using simple attack techniques. US officials have been advising critical infrastructure firms to remove industrial equipment from the internet to prevent exploitation by hackers.
The attacks have not only affected water facilities but have also impacted other sectors such as food and agriculture, demonstrating the scope and severity of the hacks. The FBI and CISA have responded to several US water and wastewater facilities that experienced physical disruptions caused by the hackers. The hackers deployed tactics such as altering settings, turning off alarms, and changing passwords to disrupt operations and lock out operators. However, affected facilities were able to restore normal operations by cutting off public internet access to their industrial computers.
Russian-speaking hackers have claimed responsibility for the cyberattacks, which began in January and have continued in recent weeks. Using Telegram, a Russian social media platform, the hackers have created and shared videos to exaggerate the impact of their attacks. While there are links between a Russian military intelligence unit and the online infrastructure used by the hackers, it remains unclear whether the attacks were conducted by Russian government-affiliated hackers or Russian-speaking cybercriminals. Regardless, US officials view the incidents as part of Russia’s ongoing harboring of hackers targeting critical infrastructure, with Moscow denying allegations of providing a safe haven for hackers.
The cyberattacks on US water facilities are part of a broader trend of opportunistic attacks on critical infrastructure. In addition to alleged Russian hacks, Iranian hackers breached Israeli-made industrial equipment at US water facilities in November, displaying anti-Israel slogans on computer screens. While the attacks did not affect drinking water, they have underscored the need for increased resources and defenses in the water sector. Lawmakers have called for more federal support to bolster cybersecurity defenses in water plants and environmental protection agencies to protect against future attacks.
The recent cyberattacks have prompted greater public attention and improvements in cybersecurity measures within the water sector. The Water Information Sharing and Analysis Center, an industry hub for cyber threat data and best practices, has reported increased membership from facilities providing water to most of the US. Water utilities like the Municipal Water Authority of Aliquippa have highlighted the importance of investing in cybersecurity defenses, with the general manager emphasizing that any money spent to prevent attacks is worthwhile. He recounted the costs incurred to recover from a cyberattack and expressed plans to request a vulnerability assessment of the entire operation from federal authorities.
