Outrage as hackers reveal they remotely accessed tiny town’s water tower and forced it to hemorrhage for nearly one hour before being caught


  • If true, the hack would be the first-ever disruption of a US water system by Russia
  • Others like Iran and China have already been accused, and feds are investigating
  • A hacking group allied with the Russian government took credit for the scandal

Russian hackers linked to the Kremlin are said to have remotely accessed a Texas town’s water tower, according to reports.

If legitimate, the hack in the little-known Panhandle town this past January would constitute the first-ever disruption of a US water system by Russia, as others like Iran and China have already been called out.

It happened in Muleshoe, a community of 5,000 not far from the New Mexico border, and caused the tower to overflow water over the course of almost an hour.

It subsequently sent thousands of gallons into the surrounding streets and drain pipes below, causing a state of emergency – after which a hacking group allied with the Russian government seemingly took credit for the scandal. 

Identifying themselves as the Cyber Army of Russia Reborn (CARR), they posted a video online of the town’s water-control systems being manipulated, showing how they reset the controls.

‘We’re starting another raid on the USA,’ the video caption read in Russian, as shadowy figures claiming to be Putin-aligned frenetically clicked buttons controlling the town and surrounding region’s water utility interface.

‘In this video there are a couple of critical infrastructure objects, namely water supply systems,’ the ominous message continued, capped by a smiley face emoji. 

The video then shows the hackers clicking around the interface, changing values and settings for the utilities’ control systems. 

Posted on Telegram, the message touted CARR – a group that in the past has conducted DDoS attacks on Ukrainian organizations and government agencies in support of its wartime adversary – as the organization responsible.

It’s currently unclear what effects the manipulation has had, but several local officials have acknowledged the cyberattacks, while confirming some form of disruption.

The city manager for Muleshoe, for instance, reportedly said in a public meeting that the attack on the town’s utility is what caused the tank to overflow.

Officials in the nearby towns of Abernathy and Hale Center also said they’d been ‘affected,’ with the well system for the former seen in the interface flaunted on the Telegram screen recording.

All three, as well as nearby Lockney, reportedly disabled the software overseeing their utilities to prevent its exploitation, but officials in each locale also insisted service to customers in each case was never explicitly interrupted. 

That wasn’t the case for residents of Muleshoe, whose seminal water tower hemorrhaged water for somewhere between 30 and 45 minutes before operators were finally able to address the issue, doing so manually.

Footage from the scene January 18 showed the damage left behind within that span, with thousands of gallons of fresh water seen going to waste.

The FBI is currently investigating the hacking activity, one of the officials told CNN. 

A seasoned cybersecurity specialist from Google-owned Mandiant, meanwhile, told The Washington Post the hack was indeed the work of CARR – an org perhaps better known by its pseudonym of Sandworm.

The State Department has issued multimillion-dollar bounties for the capture of those associated with the group, known for briefly turning out the lights in parts of Ukraine on at least three occasions.  

They were also able to hack the Olympics Opening Games in South Korea in 2018, and are credited with the creation of an advanced malware that was able to briefly shut off a Chernobyl safety system in 2017.

The nuclear power station in Pripyat, Ukraine, was destroyed by a reactor explosion in 1986, sparking the worst radiation fuel leak of all time. It now sits entombed in a huge concrete sarcophagus, but is constantly monitored to check for further leaks. 

Novator Business center, 22 Kirova Street, Khimki, Moscow, is thought to be the headquarters of the Sandworm group of hackers.

The ransomware was also used to attack systems overseeing the 2017 French Elections, US officials have said – citing billions of dollars of losses incurred as a result.

A spokesperson said at that time that employees were forced to patrol the vicinity of the plant and monitor the radiation with hand-held meters.

Mandiant chief analyst John Hultquist on Wednesday said the attack in January could heighten tensions between Moscow and Washington, and shows how Sandworm – now calling itself CARR – is broadening its targets to include American infrastructure.

He also said he and his colleagues observed social media accounts being created on YouTube for CARR using servers associated with Sandworm, and that CARR had been posting Ukrainian government data stolen by Sandworm hackers on Telegram.

He also reiterated the belief that the CARR is solely a front for The GRU – the Russian intelligence agency that remained in place following the collapse of the Soviet Union.

Members of the KGB replacement were charged in for the Chernobyl attack, with the State Department framing them as members of the group.

‘We’ve been saying for a long time that CARR is just a front for the GRU,’ Hultquist told the Post as the apparent cyber attack continues to be probed.

‘Then we see them take credit for these acts in the U.S. against water utilities. Is GRU behind these attacks? If it isn’t GRU, whoever is doing this is working out of the same clubhouse. It’s too close for comfort.’ 

The group previously went by the names Telebots, Voodoo Bear and Iron Viking. They are also known as Unit 74455.

U.S. Attorney Scott W. Brady for the Western District of Pennsylvania described Sandworm’s actions as ‘representing the most destructive and costly cyber-attacks in history.’ 

Brady added, ‘The crimes committed by Russian government officials were against real victims who suffered real harm. We have an obligation to hold accountable those who commit crimes – no matter where they reside and no matter for whom they work – in order to seek justice on behalf of these victims.’ 

‘Time and again, Russia has made it clear: They will not abide by accepted norms, and instead, they intend to continue their destructive, destabilizing cyber behavior,’ said FBI Deputy Director David Bowdich in 2022.

The Biden administration has also said that intelligence indicated that new state-sponsored Russian cyber attacks were forthcoming.

The Kremlin, meanwhile, has kept mum about its alleged connection to the terror group, rejecting accusations that Russia and Russian special services were responsible for any ‘hacking attacks, especially against the Olympics.’

Feds’ and town officials’ investigation into the January incident, as of writing, remains ongoing. 

 
