Rural Texas Towns Report Cyberattacks That Caused One Water System to Overflow

A hack that caused a small Texas town’s water system to overflow in January has been linked to a shadowy Russian hacktivist group, the latest case of a U.S. public utility becoming a target of foreign cyberattacks.

The attack was one of three on small towns in the rural Texas Panhandle. Local officials said the public was not put in any danger and the attempts were reported to federal authorities.

“There were 37,000 attempts in four days to log into our firewall,” said Mike Cypert, city manager of Hale Center, which is home to about 2,000 residents. The attempted hack failed as the city “unplugged” the system and operated it manually, he added.

In Muleshoe, about 60 miles to the west and with a population of about 5,000, hackers caused the water system to overflow before it was shut down and taken over manually by officials, city manager Ramon Sanchez told CNN. He did not immediately respond to phone calls from The Associated Press seeking comment.

“The incident was quickly addressed and resolved,” Sanchez said in a statement, according to KAMC-TV. “The city’s water disinfectant system was not affected, and the public water system nor the public was in any danger.”

At least one of the attacks was linked this week by Mandiant, a U.S. cybersecurity firm, to a shadowy Russian hacktivist group that it said could be working with or part of a Russian military hacking unit.

The group, calling itself CyberArmyofRussia_Reborn, claimed responsibility for January attacks on water facilities in the United States and Poland that got little attention at the time.

Cybersecurity researchers say CyberArmyofRussia_Reborn was among groups suspected of Russian government ties that engaged last year in low-complexity attacks against Ukraine and its allies, including denial-of-service data barrages that temporarily knock websites offline.

Sometimes such groups claim responsibility for attacks that were actually carried out by Kremlin military intelligence hackers, Microsoft reported in December.

Cypert, the Hale Center city manager, said he has turned information over to the FBI and the Department of Homeland Security.

The FBI declined to comment, and the Cybersecurity and Infrastructure Security Agency, a branch of DHS, referred questions to the cities that were targeted.

In Lockney, about 25 miles (40 kilometers) east of Hale Center and home to around 1,500 people, cyberattackers were thwarted before they could access that town’s water system, city manager Buster Poling said.

“It didn’t cause any problems except being a nuisance,” Poling said.

Last year CISA put out an advisory following November hacks on U.S. water facilities attributed to Iranian state groups who said they were targeting facilities using Israeli equipment.

Deputy national security adviser Anne Neuberger said in December that attacks by Iranian hackers — as well as a separate spate of ransomware attacks on the health care industry — should be seen as a call to action by utilities and industry to tighten cybersecurity.

In March, Environmental Protection Agency Administrator Michael S. Regan and Jake Sullivan, assistant to the president for National Security Affairs, sent a letter to the nation’s governors asking them to take steps to protect the water supply, including assessing cybersecurity and planning for a cyberattack.

“Drinking water and wastewater systems are an attractive target for cyberattacks because they are a lifeline critical infrastructure sector but often lack the resources and technical capacity to adopt rigorous cybersecurity practices,” Regan and Sullivan wrote.
