The cyber attack on Texas’ water supply in January was carried out by a hacking group with ties to the Russian government, according to security researchers from Mandiant.
During the attack in January, cyber criminals managed to take control of a water tank in Muleshoe, a village in Texas. The attackers were able to break into a remote login system for industrial software that can control the water tank, manager Ramon Sanchez told CNN. The attackers were then able to flood the tank. Only after half an hour to 45 minutes could the machine be taken offline, after which work continued manually. The affected software system has now been replaced. However, the attack was not an isolated incident: suspicious activity was found in the networks of two other Texas towns. Preventive measures were then taken.
Security company Mandiant now thinks it knows who is behind the attack. The company has found a Telegram channel of a hacker group called APT44, also known as Sandworm and Frozenbarents. Between January 17 and 18, videos were shared there in which members of the group claim they can manipulate human-machine interfaces used to control operational technology in Polish and American water utilities. The attack took place two weeks later. Mandiant therefore suspects that this group is behind the attack, although according to analysts at the company it is difficult to be certain. It could also be other Russian-speaking hackers using the same persona.
APT44 is sponsored by the Russian military intelligence services, according to Mandiant. The group is involved in espionage, attacks and influence operations. The hacker group is best known for cyber attacks in Ukraine in 2015 and 2016, which knocked out electricity in parts of the country.