A hacking group with ties to the Russian government is suspected of carrying out a cyberattack in January that caused a tank at a Texas water facility to overflow, experts from US cybersecurity firm Mandiant said Wednesday. The attack took place in Muleshoe, Texas, and coincided with other towns in north Texas taking precautionary defensive measures after detecting suspicious cyber activity on their networks. The FBI has been investigating the hacking activity, and this incident is a rare example of hackers using access to sensitive industrial equipment to disrupt operations at a US water facility.
Following the cyberattack in Muleshoe, US national security adviser Jake Sullivan issued a public appeal to state officials and water authorities to improve their cyber defenses against the threat of cyberattacks on water and wastewater systems. US officials have been concerned that many of the country’s public water systems are struggling to deal with hacking threats from criminal and state actors due to lack of resources and personnel. It was noted that the recent hacking incidents in Texas did not affect drinking water in the towns involved.
The hacking incidents in Texas gained attention when it was discovered that the hackers linked to the Muleshoe attack were using a channel on Telegram where previous hacking activity was carried out by a notorious unit of Russia’s GRU military intelligence agency. However, it is unclear whether the GRU was directly involved in the cyberattack on Muleshoe’s water facility or if other Russian-speaking hackers using the same persona were claiming responsibility for the hack. If confirmed, this would mark an escalation in targeting US critical infrastructure for a Russian group known for focusing on Ukraine.
The EPA was forced to rescind a key cybersecurity regulation for public water systems last October following a legal challenge from Republican attorneys general. This regulation could have put simple measures in place to prevent recent attacks on water systems, according to White House deputy national security adviser Anne Neuberger. The Biden-Harris administration has since advised state officials on setting up security plans to protect water systems from hacks.
The hack in Muleshoe set off concern in the region, as neighboring towns also detected suspicious cyber activity on their industrial computer networks. Lockney and Hale Center officials reported attempted cyberattacks on their SCADA systems, but were able to catch the threats early and prevent any impact. The FBI has been involved in investigating the hacking incidents, and town officials believe the hackers may have been operating from a foreign country.
Mandiant’s report found links between the GRU sabotage and spying unit known as Sandworm and online infrastructure used by hackers using the persona “CyberArmyofRussia_Reborn.” Sandworm is known for disruptive cyberattacks in Ukraine, and the CyberArmyofRussia_Reborn group posted a video claiming responsibility for the Muleshoe attack on their social media channel. This group is known for emphasizing psychological impact through their hacking activities. Officials are continuing to investigate the incidents and are coordinating with state authorities to ensure the security of water systems against cyber threats.
