Russian hackers claiming to be backed by the Kremlin are believed to have remotely accessed a Texas town’s water tower.

The suspected hack in the Texas Panhandle town in January would be the first-ever disruption of a US drinking water system by Russia, after Iran and China carried out similar attacks.

The hack in Muleshoe, a community of 5,000 not far from the New Mexico border, caused the tower to overflow, spilling thousands of gallons for almost an hour and prompting the declaration of a state of emergency.




The hacking group allied with the Russian government identified themselves as the Cyber Army of Russia Reborn (CARR). The group posted a video on Telegram of the town’s water-control systems being manipulated, showing how they reset the controls.

‘We’re starting another raid on the USA. In this video, there are a couple of critical infrastructure objects, namely water supply systems,’ the message in Russian said, capped by a smiley face emoji.

The video then shows the hackers changing values and settings for the utilities’ control systems.

The group has previously conducted DDoS attacks on Ukrainian organizations and government agencies.

It’s unclear what effects the manipulation has had, but several local officials have acknowledged the cyberattacks while confirming some form of disruption.

For instance, Muleshoe’s city manager reportedly said in a public meeting that the attack on the town’s utility caused the tank to overflow.

Officials in the nearby towns of Abernathy, Hale Center, and Lockney also said they’d been ‘affected,’ with the well system for the former seen in the interface shown on the Telegram screen recording.

All three towns reportedly disabled the software overseeing their utilities to prevent its exploitation. Still, officials in each locale insisted that customer service was never explicitly interrupted.

That wasn’t the case for residents of Muleshoe, whose seminal water tower hemorrhaged water for between 30 and 45 minutes before operators could finally address the issue, doing so manually.

Footage from the scene on January 18 showed the damage left behind within that span, with thousands of gallons of fresh water seen going to waste.

The FBI is currently investigating the hacking activity, one of the officials told CNN.

A seasoned cybersecurity specialist from Google-owned Mandiant, meanwhile, told The Washington Post the hack was indeed the work of CARR – an org perhaps better known by its pseudonym of Sandworm.

The State Department has issued multimillion-dollar bounties for the capture of those associated with the group, known for briefly turning out the lights in parts of Ukraine on at least three occasions.

They were also able to hack the Olympics Opening Games in South Korea in 2018, and are credited with the creation of advanced malware that was able to briefly shut off a Chernobyl safety system in 2017.