The hack that flooded the water system of a small Texas town in January has been linked to a shadowy Russian hacking group, marking the latest instance in which a U.S. utility has been targeted by a foreign cyberattack.
The attack was one of three in a rural town in South Texas, where local authorities said residents were not in danger and that the attempted attack had been reported to federal authorities.
“We had 37,000 attempts to log into our firewall over a four-day period,” said Mike Cypert, mayor of Hale Center, a city of about 2,000 residents about 40 miles north of Lubbock. The hacking attempts were unsuccessful because the city “unplugged” the system and operated it manually, he added.
In Mule Shoe, a town of about 5,000 people about 60 miles west of Bailey County, hackers flooded the water system, which was then shut down and taken over manually by staff, Mayor Ramon Sanchez told CNN. The mayor did not immediately return a call from The Associated Press seeking comment.
“This incident was quickly addressed and resolved,” Sanchez said in a statement, according to Lubbock-based ABC affiliate KAMC-TV. “The City’s water disinfection system was not affected and no public water system or residents were put at risk.”
U.S. cybersecurity firm Mandiant said this week that at least one attack was the work of a shadowy Russian hacker group that it said may be linked to, or part of, the Russian military’s hacking unit.
The group, calling itself CyberArmyofRussia_Reborn, claimed responsibility for January attacks on water facilities in the United States and Poland that received little attention at the time.
CyberArmyofRussia_Reborn is one of several groups suspected to have ties to the Russian government that conducted low-complexity attacks against Ukraine and its allies last year, including a denial-of-service attack that temporarily knocked websites offline, cybersecurity researchers said.
Microsoft reported in December that such groups have sometimes claimed responsibility for attacks that were actually carried out by Kremlin military intelligence hackers.
Hale Center Mayor Cypert said he has turned the information over to the FBI and the Department of Homeland Security.
The FBI declined to comment, and the Cybersecurity and Infrastructure Security Agency, part of the Department of Homeland Security, referred questions to the targeted cities.
In Rockney, a town of about 1,500 people about 25 miles east of Hale Center, cyberattackers were thwarted before they could access the town’s water system, Mayor Buster Poling said.
“There were no issues other than it was a nuisance,” Poling said.
CISA issued an advisory last year after a November hack of U.S. water utilities allegedly carried out by an Iranian state group that targeted facilities using Israeli equipment.
Deputy national security adviser Anne Neuberger said in December that the attack by Iranian hackers, along with a series of other ransomware attacks on the health care sector, should be seen as a call for utilities and industry to step up their cybersecurity.
In March, EPA Administrator Michael Regan and National Security Advisor Jake Sullivan wrote to governors across the country urging them to take steps to protect water resources, including evaluating their cybersecurity and preparing for cyberattacks.
“Drinking water and wastewater treatment systems are vital critical infrastructure sectors that often lack the resources and technical capacity to implement rigorous cybersecurity measures, making them attractive targets for cyber attacks,” Regan and Sullivan wrote.
Ken Miller, The Associated Press