Russia-Linked Hackers Suspected of Attack on Texas Water Treatment Plant: Cybersecurity Firm

A water tank overflowed at a Texas water treatment facility due to a suspected hack.
A man uses a website that monitors global cyberattacks at his office in Dongguan, Guangdong Province, China, on Aug. 4, 2020. (Nicolas Asfouri/AFP via Getty Images)
Katabella Roberts
4/18/2024
Updated: 4/18/2024
A group of hackers linked to the Russian government is suspected of being behind attacks on critical American infrastructure, including a Texas water treatment facility in January, according to a new report by cyber firm Mandiant.

The Russian hacking group Sandworm is likely responsible for the attack on the water system in Muleshoe, Texas, according to the report from the American cybersecurity firm, which is a subsidiary of Google.

That incident, which occurred on Jan. 18, saw the city’s water tank overflow and led to the discovery of a system malfunction that could not be controlled by city staff, according to officials.

It did not cause any service disruptions or serious damage, however.

According to Mandiant, the Sandworm group, which has reportedly been active since 2009 and also goes by the names “Frozen Barents” and “APT44,” among others, is likely behind the attack.

The group is “sponsored by Russian military intelligence” and is a “dynamic and operationally mature threat actor that is actively engaged in the full spectrum of espionage, attack, and influence operations,” the cyber firm states.

Experts believe the group is likely connected to Russia’s largest foreign intelligence agency, the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GU), commonly known as the Main Intelligence Directorate (GRU).

The group also appears to be associated with multiple pro-Russia hacktivist groups, including the Cyber Army of Russia—which has claimed responsibility for several cyberattacks on water systems across the globe this year—XAKNET, and Solntsepek.

Sandworm Can ‘Direct, Influence’ Hacking Groups

According to Mandiant, Sandworm has the ability to “direct and influence” the Cyber Army of Russia’s activities across multiple platforms.
The Cyber Army of Russia claimed responsibility for the attack on water tanks in Muleshoe and another city in Texas called Abernathy, on the encrypted instant messaging service Telegram, sharing a video in which they appeared to use the human-machine interface (HMI) to turn on the pumps, causing the tank water level to overflow.

The group has also taken credit for various other attacks, including those on Polish and French water utilities, according to Mandiant.

In 2020, the Department of Justice (DOJ) charged six men allegedly connected to the group with crimes including conspiracy, computer hacking, wire fraud, aggravated identity theft, and the false registration of a domain name.

At the time, officials said their hacking attacks were “intended to support Russian government efforts to undermine, retaliate against, or otherwise destabilize” multiple nations, including Ukraine, Georgia, and France, and that the hackers used “some of the world’s most destructive malware to date.”

The six men were allegedly involved in incidents that included shutting down the power grid, the Ministry of Finance, and the State Treasury Service in Ukraine from December 2015 to December 2016. They were also accused of carrying out spearphishing campaigns and related hack-and-leak efforts targeting the political party of French President Emmanuel Macron in April and May 2017.

French President Emmanuel Macron (R) speaks with Russian President Vladimir Putin (L) before a meeting at the Chancellery on January 19, 2020 in Berlin, Germany. (Emmanuele Contini/Getty Images)

EPA Warns of Possible Attacks From China, Iran

Additionally, the group of men allegedly targeted worldwide businesses and critical infrastructure, Georgian companies and government entities, and the opening ceremony of the Pyeongchang Winter Olympics in 2017, according to the DOJ.

The Justice Department also accused the men of creating a virus called NotPetya, which officials said caused $10 billion in damage to computers worldwide.

The latest report from Mandiant comes just one month after the Environmental Protection Agency and National Security Council warned state leaders of potential attacks on America’s water infrastructure.

“Disabling cyberattacks are striking water and wastewater systems throughout the United States,” EPA administrator Michael Regan and national security adviser Jake Sullivan wrote in a letter to state governors. “These attacks have the potential to disrupt the critical lifeline of clean and safe drinking water, as well as impose significant costs on affected communities.”

Officials urged states to remain alert regarding possible attacks, particularly from Chinese or Iranian hackers, pointing to previous malicious cyberattacks against U.S. critical infrastructure entities, including drinking water systems.

“Drinking water and wastewater systems are an attractive target for cyberattacks because they are a lifeline critical infrastructure sector but often lack the resources and technical capacity to adopt rigorous cybersecurity practices,” they added.