A hacking group with ties to the Russian government is suspected of carrying out a cyberattack in January that caused a tank at a Texas water facility to overflow, according to experts from US cybersecurity firm Mandiant. The hack in the small town of Muleshoe, in north Texas, coincided with at least two other towns in north Texas taking precautionary defensive measures after detecting suspicious cyber activity on their networks, town officials revealed. The FBI has been investigating the hacking activity.
The attack was a rare example of hackers using access to sensitive industrial equipment to disrupt regular operations at a US water facility, following a separate cyberattack last November on a Pennsylvania water plant that US officials blamed on Iran. The incidents in Texas highlight the need for state governments and water facilities to improve their defenses against cyber threats.
The hackers broke into a remote login system for industrial software in Muleshoe, allowing them to interact with a water tank and causing it to overflow for about 30 to 45 minutes. The town officials quickly took the hacked industrial machine offline and switched to manual operations to prevent further damage. Steps were taken to secure the network and replace the hacked software system.
Experts emphasize the importance of addressing vulnerabilities in water utilities, as many systems remain exposed to cyber threats due to lack of regulations and resources. The EPA had to rescind a key cybersecurity regulation for public water systems, which could have prevented recent attacks, following a legal challenge. The Biden-Harris administration has advised state officials on enhancing security measures for water systems.
The FBI is investigating similar suspicious cyber activity in other towns in the region, including Lockney and Hale Center, where hackers attempted to breach SCADA systems overseeing water plants. While the threats were detected early and mitigated, concerns remain about potential future attacks.
Mandiant's report linked the cyberattack in Muleshoe to a Russian GRU sabotage and spying unit known as Sandworm, which has a history of disruptive cyberattacks in Ukraine. The group uses online personas to amplify the impacts of their hacks for psychological effect.
The incidents underscore the growing threat of cyberattacks on critical infrastructure and the need for enhanced cybersecurity measures to protect water systems from malicious actors.
