A hacking group with ties to the Russian government is suspected of carrying out a cyberattack in January that caused a tank at a Texas water facility to overflow, according to experts from US cybersecurity firm Mandiant. The hack occurred in the small town of Muleshoe and was part of a series of attacks in north Texas towns that prompted increased defensive measures and an FBI investigation. This incident highlighted the vulnerability of US water facilities to cyber threats and the need for improved defenses.

The cyber incidents in Texas were part of a wider trend of cyberattacks targeting water and wastewater systems throughout the United States. Concerns have been raised about the ability of public water systems to deal with hacking threats from criminal and state actors due to budget and personnel constraints. The attacks in Texas underscored the need for state governments and water facilities to enhance their cybersecurity measures in order to protect critical infrastructure.

Mandiant linked the hacker responsible for the Muleshoe attack to a notorious unit of Russia’s GRU military intelligence agency, known as Sandworm. The involvement of the GRU in this cyberattack would mark a significant escalation in targeting US critical infrastructure, as the group is known for focusing on Ukraine. Despite the incidents not impacting drinking water, they signaled a potential shift in tactics by Russian hackers towards US targets.

The hacking incidents in Muleshoe and nearby towns raised alarms about the security of industrial systems used by water utilities. The vulnerability of these systems to cyberattacks highlights the need for basic cybersecurity measures to be implemented across all public water systems. The EPA’s rescinding of a key cybersecurity regulation for public water systems highlighted the regulatory gaps that may have allowed these attacks to occur.

State officials have been advised by the Biden-Harris administration to set up security plans for protecting water systems from cyber threats. In response to the attacks, town officials in Lockney and Hale Center detected suspicious activity on their SCADA systems and took defensive measures to prevent any impact. The FBI is investigating the incidents, while the Russian Embassy has yet to comment on the allegations.

Mandiant’s report identified links between the cyberattack in Muleshoe and the GRU sabotage and spying unit, Sandworm. The use of online personas like CyberArmyofRussia_Reborn to amplify the impact of attacks is a common tactic employed by the group. The attackers sought to create a psychological impact through their actions, as evidenced by a video posted to their Telegram channel purporting to show manipulation of water valves in Muleshoe. The ongoing investigation and coordination between EPA and state authorities will be crucial in ensuring the security of water systems against cyber threats.
