Russia May Be Behind Hack of Texas Water Facility

Google's cybersecurity firm Mandiant uncovers evidence linking the water facility incident to an infamous Russian state-sponsored hacking group called Sandworm.

By Michael Kan
April 17, 2024

A little-known hack of a water facility in Texas may be the work of Russian state-sponsored hackers, according to new findings from security researchers. 

Google-owned Mandiant today published a report linking the water facility hack to Sandworm, also known as APT44, a hacking group that allegedly works within Russia’s military intelligence. 

In January, city officials in the small town of Muleshoe, Texas, disclosed the water facility hack, which caused a water tank to overflow. At the same time, a hacktivist group dubbed CyberArmyofRussia_Reborn posted on its Telegram channel about gaining control of the water systems at Muleshoe, along with another town called Abernathy and water facilities in Poland.

As proof, CyberArmyofRussia_Reborn posted a video, demonstrating it had control over the Texas water facility computer systems. With the help of Google, Mandiant has since uncovered evidence that the hacktivist group has ties to Sandworm, a Russian operation that has been blamed for launching cyberattacks to disrupt Ukraine’s power plants and the 2018 Winter Olympics in South Korea. 

The evidence includes CyberArmyofRussia_Reborn trying to create a YouTube channel using internet infrastructure linked to Sandworm activity. Mandiant had also spotted CyberArmyofRussia_Reborn publishing data over its Telegram channel that was stolen through previous Sandworm attacks. 

In another case, the hacktivist group even made claims referencing a cyberattack before Sandworm actually carried it out. As a result, both Google’s security team and Mandiant conclude that Sandworm created and is possibly controlling CyberArmyofRussia_Reborn.

That said, Mandiant couldn’t definitively conclude that Sandworm directed the hack of the water facility in Texas. Wired reports it’s possible Sandworm created CyberArmyofRussia_Reborn, but allows the hacktivist group to operate independently. Still, the findings underscore the threat that foreign government hackers pose to US critical infrastructure. 

In November, the US initially warned that Iranian hackers were targeting US water facilities. Then in March, the Environmental Protection Agency issued another alert, saying Chinese state-sponsored hackers had also been spotted trying to infiltrate US critical infrastructure. 

Mandiant’s report adds that Sandworm has largely targeted Ukrainian networks, including deploying “destructive” malware attacks that can corrupt fleets of computers. Still, the company warns that the hacking group could widen its attacks to other countries.

“We therefore assess that changing Western political dynamics, upcoming elections, and emerging issues in Russia’s near abroad will also continue to shape APT44’s operations for the foreseeable future,” Mandiant says.

About Michael Kan

Senior Reporter

I've been with PCMag since October 2017, covering a wide range of topics, including consumer electronics, cybersecurity, social media, networking, and gaming. Prior to working at PCMag, I was a foreign correspondent in Beijing for over five years, covering the tech scene in Asia.
