A new report from the cybersecurity firm Mandiant suggests that a group of hackers with ties to the Russian government is suspected of being behind attacks on critical infrastructure in the United States, including one on a water treatment facility in Texas in January.
According to the report from the Google subsidiary, the Russian hacker group known as Sandworm is likely responsible for the attack on the water system in Muleshoe, Texas.
Officials stated that the incident occurred on January 18th, causing an overflow in the city’s water tank, resulting in a system malfunction that was beyond the control of municipal staff.
However, this incident did not lead to any service disruptions or significant damages.
Mandiant claims that the Sandworm group, also known as “Frozen Barents” and “APT44,” has been in operation since 2009 and is believed to be the mastermind behind this attack.
Mandiant describes this hacker organization as being “sponsored by the Russian military intelligence department” and as a “dynamic and operationally mature threat actor actively engaging in a broad spectrum of espionage, attack, and influence operations.”
Experts believe that this organization may have ties to Russia’s largest foreign intelligence agency, the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU).
The organization appears to have connections with multiple pro-Russian hacker groups, including the Cyber Army of Russia, which has claimed responsibility for multiple cyber-attacks on global water systems this year, as well as XAKNET and Solntsepek.
Mandiant states that Sandworm has the capability to “command and influence” the activities of the Cyber Army of Russia on various platforms.
The Cyber Army of Russia claimed on the encrypted instant messaging service Telegram that it attacked the water tanks in Muleshoe and in another Texas city, Abernathy, sharing a video that showed its operators using a human-machine interface to open pumps, causing water to overflow from the tanks.
According to Mandiant, the organization has also been accused of various other attacks, including targeting water companies in Poland and France.
In 2020, the Department of Justice charged six men allegedly associated with this organization with conspiracy, computer hacking, wire fraud, aggravated identity theft, and false domain name registrations.
Officials stated that their hacking activities were “intended to support Russian government efforts to disrupt, retaliate, or otherwise destabilize the stability of multiple countries, including Ukraine, Georgia, and France,” using some of the world’s most advanced and destructive malware.
The events in which these six men were involved included the shutdown of the Ukrainian power grid, finance department, and national bank from December 2015 to December 2016, as well as leaking activities against French President Emmanuel Macron’s party in April and May 2017.
The Department of Justice also alleged that these individuals targeted global companies, critical infrastructure, Georgian entities, and the opening ceremony of the 2017 PyeongChang Winter Olympics.
The Justice Department further accused them of creating a virus called NotPetya, which officials claim caused $10 billion in global computer damages.
Mandiant’s latest report was released just a month after the Environmental Protection Agency and the National Security Council warned state leaders about potential attacks on U.S. water infrastructure.
In a letter to state governors, EPA Administrator Michael Regan and National Security Advisor Jake Sullivan wrote, “Cyber actors are launching debilitating cyber-attacks against water supply and sewage treatment systems nationwide,” noting that these attacks could disrupt the critical lifeline of clean and safe drinking water, causing significant losses to affected communities.
Officials urged states to remain vigilant against potential attacks, especially from Chinese or Iranian hackers, highlighting previous malicious cyber-attacks on U.S. critical infrastructure entities, including drinking water systems.
They added, “Drinking water and wastewater systems are a key target for cyber-attacks as they represent critical infrastructure sectors that often lack the resources and technical capabilities to enforce stringent cybersecurity practices.”