A cybersecurity firm has found that a hacking group behind cyberattacks on water systems in the United States, Poland, and France is connected to the Russian military, specifically Unit 74455 of Russia’s GRU military intelligence agency. This group, known as Sandworm, has been linked to attacks on Ukrainian telecom providers and the NotPetya malware attack. Mandiant, which is a security firm owned by Google Cloud, discovered that Sandworm has a direct link with several pro-Russia hacktivist groups, including the Cyber Army of Russia Reborn (CARR), which has claimed responsibility for cyberattacks on water systems this year. The CARR was behind attacks on water systems in Texan towns and a wastewater utility in a Polish village, resulting in serious consequences such as the overflow of a water tower in Muleshoe, Texas, and manipulation of water levels in a French hydroelectric power station.
The Cyber Army of Russia Reborn has posted videos on Telegram showcasing their manipulation of human-machine interfaces in these attacks, with one video captioning that they were starting another raid on the USA and would exploit critical infrastructure facilities like water supply systems. These attacks have caught the attention of the FBI, which is currently investigating the incidents. Mandiant reported that Sandworm had a role in creating the CARR group, although it is unclear if the group is a cover persona for Sandworm or a distinct group operating independently. Despite the link to Sandworm, the CARR group appears to be more aggressive and reckless than other Russian operators targeting the United States, actively manipulating operational technology systems in a highly aggressive manner. In addition to targeting water systems in other countries, Russian hackers have also attempted to breach critical infrastructure facilities in the United States.
U.S. water systems have increasingly become targets for hacking, with Iranian-linked operators breaching at least six American utilities last year and the North Texas Municipal Water District experiencing a cyberattack in November. Following these incidents, the White House and the Environmental Protection Agency sent a letter to U.S. governors urging them to enhance cybersecurity defenses on water facilities. This escalation of cyberattacks on water systems raises concerns about potential vulnerabilities and the need for increased cybersecurity measures to protect critical infrastructure. The connection between the Cyber Army of Russia Reborn and Sandworm, a group linked to Russia’s military agency, underscores the seriousness of these attacks and the implications for national security. The FBI and other relevant authorities are closely monitoring these developments to prevent further malicious activity targeting water systems in the U.S. and other countries.
