A water tower in a small Texas town overflowed in January, spilling tens of thousands of gallons into the streets. Now, Google-owned cybersecurity company Mandiant says the incident in Muleshoe may be the first hack into US water systems by Russia after infiltrators tied to one of that country's most well-known hacking groups claimed responsibility on Telegram, reports the Washington Post. The paper notes this could signify a "worrisome escalation" by Russia to go after important US infrastructure, with vulnerable water utilities as a prime target.
Muleshoe's city manager, Ramon Sanchez, tells CNN that the hackers somehow were able to log in remotely to an industrial software system that allowed them access to water tanks.
The Muleshoe tower hemorrhaged water for between 30 and 45 minutes before operators flipped it to manual mode and stopped the flooding. Mandiant chief analyst John Hultquist tells the Post that no one was hurt in Muleshoe and residents never lost access to water, with the attack apparently carried out by the infamous hacking group called Sandworm (apparently calling itself the Cyber Army of Russia Reborn in this case, or CARR). The group is believed to be linked to Russia's GRU military intelligence agency.
Hultquist says that, if confirmed, the hack appears to be expanding how Sandworm hits critical systems in various nations. Previously, the group has been accused of disrupting electrical service in Ukraine and hacking the opening ceremony at the 2018 Olympics in South Korea, among other cyberattacks. "Is GRU behind these attacks?" Hultquist asks, per the Post. "If it isn't GRU, whoever is doing this is working out of the same clubhouse. It's too close for comfort."
CNN notes that the revelation of the Muleshoe incident perhaps makes a little clearer why US national security adviser Jake Sullivan implored state officials and water utilities last month to bolster their cybersecurity defenses—a task that's been tough for many of the nation's 150,000 public water systems due to cash and staffing issues. "Suspicious activity" on networks in towns near Muleshoe was also reported after the January incident, though no other major attacks took place. "Water utilities are being abused by adversaries taking advantage of low-hanging fruit—vulnerable services directly accessible from the internet," says Gus Serino, a water-sector cybersecurity expert.