Security experts at Mandiant, a part of Google Cloud, have raised alarms over a series of cyberattacks targeting water utilities in the United States, Poland, and France, which they now attribute to Russian military-associated hackers. This revelation underscores the vulnerability of critical water infrastructure and highlights the growing geopolitical dimensions of cybersecurity threats.
The group identified in these cyberattacks, known as Sandworm, is allegedly connected with the Russian military and has reportedly collaborated with pro-Russia hacktivist groups like the Cyber Army of Russia. These affiliations suggest a coordinated effort to disrupt essential services in multiple countries, leveraging cyber tactics to potentially tamper with public water systems.
According to Mandiant's report released Wednesday, there is compelling evidence that Sandworm could "direct and influence" the operations of the Cyber Army of Russia. This group has openly claimed responsibility for several disruptive cyberattacks this year, including incidents involving the manipulation of water supply systems in Texas and a wastewater facility in Poland.
In January, an alarming incident occurred in Muleshoe, Texas, where hackers reportedly caused a water tower to overflow, spilling tens of thousands of gallons into streets and drains. Similar malicious activities were detected in two other Texan towns around the same timeframe, pointing to a broader pattern of targeted cyber intrusions.
Further expanding the scope of these cyber threats, the Cyber Army of Russia claimed to have accessed a French hydroelectric power station's systems in March, boasting the capability to manipulate water levels. However, a French newspaper later reported that the hackers mistakenly targeted a mill instead of a hydroelectric dam.
While Mandiant has not confirmed Sandworm's direct involvement in these specific attacks, the implications of such cyber intrusions are profound. U.S. water systems have increasingly become targets for international cyberattacks, with incidents linked to Iran and other entities in recent years. For instance, last fall, Iranian-linked hackers infiltrated several U.S. water utilities. A North Texas water utility was compromised in November, affecting its operations.
This series of cyberattacks has prompted federal agencies to act. The White House and the Environmental Protection Agency have urged U.S. governors to prioritize cybersecurity for water systems, reflecting the critical need for enhanced protective measures.
This emerging pattern of cyberattacks by state-associated actors like Sandworm represents a significant escalation in the cybersecurity threats facing public infrastructure. It highlights international actors' strategic targeting of essential services and the urgent need for robust cybersecurity defences to safeguard public utilities against increasingly sophisticated threats.