Russian hacktivists increasingly attacking US water and energy, researchers warn


Researchers have observed increasing threat activity from two Russian hacktivist groups attacking US energy and water sectors. In one incident, the hackers attacked a water treatment plant in Stanton, Texas, opening valves and releasing untreated water.

Cybersecurity firm Cyble warns that two Russian groups – the People’s Cyber Army and Z-Pentest – went well beyond the DDoS attacks and website defacements that hacktivist groups typically engage in.

They post videos on Telegram showing alleged tampering with control panels of industrial systems in the oil, gas, and water sectors, which can lead to disruption, downtime, or even physical harm to the environment.


Z-Pentest appeared on the radar only in October, but within two months the group had claimed ten attacks, all involving control panels in critical infrastructure environments. The group claims to be based in Serbia, though most of its social media posts include salutes to Russia.

“Z-Pentest’s most recent claim involved disrupting critical systems at an oil well site, including systems responsible for water pumping, petroleum gas flaring, and oil collection,” Cyble researchers shared in the report.

As proof, the hacktivists released a 6-minute video showing screenshots of the facility's control systems, including tank setpoints, vapor recovery metrics, and other operating dashboards.

The gang previously claimed attacks on two other US oil facilities, at locations that correspond to known companies. In those videos, Z-Pentest also demonstrated access to a range of operational controls.

In such cases, organizations are left relying on the safety features often built into programmable logic controllers (PLCs), such as hard limits and interlocks that override operator setpoints, to prevent physical damage.
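To make that reliance concrete, here is an added, constructed example (not code from Cyble, the article's authors, or any site mentioned above) of the kind of interlock logic a PLC runs every scan cycle. The tank, thresholds and command names are hypothetical. The point it demonstrates is that an attacker who only controls the HMI can raise setpoints and open valves, but a hard limit evaluated in the PLC closes the inlet and latches a trip regardless of what the HMI asked for.

```python
from dataclasses import dataclass, field
from typing import Optional

# Hypothetical hard limit enforced by the PLC interlock. In a real plant this
# value lives in the PLC program, not in the HMI, so HMI-level tampering
# cannot change it.
HIGH_HIGH_LEVEL_PCT = 95.0


@dataclass
class Tank:
    level_pct: float
    high_setpoint_pct: float = 80.0   # operator-adjustable from the HMI
    inlet_open: bool = False
    trip_latched: bool = False
    log: list = field(default_factory=list)


def _interlock(tank: Tank) -> None:
    """Hard interlock, evaluated on every scan independent of HMI commands."""
    if tank.level_pct >= HIGH_HIGH_LEVEL_PCT:
        tank.inlet_open = False
        tank.trip_latched = True
        tank.log.append("HIGH-HIGH trip: inlet forced closed")


def hmi_command(tank: Tank, command: str, value: Optional[float] = None) -> str:
    """Apply a command from the HMI (legitimate or attacker-issued), subject
    to the interlock. Returns a short result string for the operator log."""
    if command == "set_high_setpoint":
        # The HMI may move the operating setpoint, but never above the hard limit.
        clamped = min(float(value), HIGH_HIGH_LEVEL_PCT)
        tank.high_setpoint_pct = clamped
        result = f"setpoint={clamped}"
    elif command == "open_inlet":
        if tank.trip_latched or tank.level_pct >= HIGH_HIGH_LEVEL_PCT:
            result = "refused: interlock active"
        else:
            tank.inlet_open = True
            result = "inlet open"
    elif command == "close_inlet":
        tank.inlet_open = False
        result = "inlet closed"
    elif command == "reset_trip":
        # A trip can only be reset once the level is back below the hard limit.
        if tank.level_pct < HIGH_HIGH_LEVEL_PCT:
            tank.trip_latched = False
            result = "trip reset"
        else:
            result = "refused: level still above HIGH-HIGH"
    else:
        result = f"unknown command {command!r}"
    _interlock(tank)
    tank.log.append(f"{command}({value}) -> {result}")
    return result


def scan(tank: Tank, inflow_pct: float, outflow_pct: float = 0.0) -> float:
    """One PLC scan: update the (toy) level, run normal control, then the
    interlock. Returns the new level."""
    if tank.inlet_open:
        tank.level_pct += inflow_pct
    tank.level_pct -= outflow_pct
    # Normal control: close the inlet when the operating setpoint is reached.
    if tank.level_pct >= tank.high_setpoint_pct:
        tank.inlet_open = False
    _interlock(tank)
    return tank.level_pct


def attacker_scenario() -> Tank:
    """Tampered HMI: the attacker pushes the setpoint far above the hard
    limit and opens the inlet, then the process runs for 20 scans."""
    tank = Tank(level_pct=60.0)
    hmi_command(tank, "set_high_setpoint", 150.0)   # clamped to 95.0
    hmi_command(tank, "open_inlet")                 # allowed at 60%
    for _ in range(20):
        scan(tank, inflow_pct=5.0)
    return tank


if __name__ == "__main__":
    t = attacker_scenario()
    print(f"level={t.level_pct} inlet_open={t.inlet_open} tripped={t.trip_latched}")
    for line in t.log:
        print(line)
```

The caveat a practitioner should keep in mind is what this model does not cover: the interlock only protects against tampering at the HMI level. An attacker who can reach the engineering workstation or write directly to the PLC program can change or remove the hard limit itself, which is why the network segregation recommended later in this article matters as much as the PLC logic.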

“The fact that such environments are accessible to threat actors is nonetheless concerning,” Cyble researchers said.

Worryingly, in multiple instances, hackers were selling credentials for energy network access on the dark web before significant breaches and attacks occurred.

People’s Cyber Army, also known as the Cyber Army of Russia Reborn, similarly targets critical infrastructure controls, and there is some evidence that the two groups may be working together.


In late August and September, the gang released screen recordings of attacks on the Stanton Water Treatment Plant in Stanton, Texas, and on water towers in New Castle, Delaware. In the Texas case, according to Cyble, “the hackers were able to open valves and release untreated water, but otherwise, no damage is believed to have occurred.”

The six other documented People’s Cyber Army attacks also targeted water systems. In January, the gang caused water storage tanks to overflow in Abernathy and Muleshoe, Texas. The US-sanctioned group has been targeting Ukraine's allies since 2022.


Water and wastewater systems are particularly vulnerable, partly because communities are ill-equipped to cope without them. Meanwhile, critical infrastructure often relies on end-of-life devices that remain in service long after support has ended.


Cyble's researchers recommend following vulnerability announcements, applying patches as soon as they are available, segregating ICS/OT/SCADA networks from IT networks, and adopting a Zero Trust architecture, among other measures.