Cybersecurity analysts have uncovered evidence of a Texas water treatment plant breach allegedly orchestrated by a group linked to Russian military hackers.
In January, hackers reportedly infiltrated a remote login system used for industrial software in Muleshoe, Texas, a community of approximately 5,000 residents. The system facilitates operator interaction with a water tank, Muleshoe City Manager Ramon Sanchez told CNN.
The water tank experienced overflow for approximately 30 to 45 minutes before authorities in Muleshoe disconnected the compromised system and resorted to manual operations.
The breach has prompted concerns about the vulnerability of U.S. water infrastructure to cyber threats.
According to a report released by Mandiant Security, a subsidiary of Google, the cyber sabotage unit is known as Sandworm.
“To date, no other Russian government-backed cyber group has played a more central role in shaping and supporting Russia’s military campaign,” per the Mandiant website.
If confirmed by U.S. officials, this incident would mark the first known instance of Russian hackers targeting U.S. water facilities, joining Iran and China as adversaries that have breached American water infrastructure in the past year.
The report highlighted screenshots purportedly showing a group affiliated with Sandworm manually manipulating water well control inputs via a persona named “CyberArmyofRussia_Reborn,” per CNN. While Mandiant could not verify all available claims, its analysis aligns with local reporting of the incident, indicating a potentially sophisticated cyber intrusion.
Sandworm, notorious for its previous targeting of Ukrainian infrastructure, gained international attention for its involvement in the NotPetya cyberattacks of 2017, which severely impacted U.S. critical infrastructure, per Mandiant. The group’s expanded focus on U.S. targets highlights the pressing need to bolster cybersecurity defenses in sectors like water treatment, which are deemed highly vulnerable to cyber compromises.
While the Biden administration has prioritized strengthening protections for water treatment facilities against cyber threats, challenges persist.
In October, the Environmental Protection Agency (EPA) faced resistance in its efforts to mandate cybersecurity evaluations for water systems during sanitation surveys, per CNN, prompting concerns about the sector’s readiness to confront evolving cyber risks.
According to the Mandiant report, the activities attributed to Sandworm by Mandiant also implicated water system compromises in France and Poland, underscoring the global reach and proliferation risk posed by such cyber threat actors.
Sandworm stands out as one of the most dangerous Russian threat actors, with profound implications for industrial control systems, according to InfoSec.
“Regulations have not required this low-hanging fruit to be addressed. … This shows a pretty clear need to handle the basics,” Gus Serino, president of security firm I&C, told CNN.
