On Friday night, hackers targeted a wastewater treatment plant in Indiana. A local official told CNN that the plant managers sent maintenance staff to look into the strange behavior.
A hacking group with ties to Russia claimed credit. The same group said they were behind a string of hacks earlier this year that targeted water sites in Texas.
Jim Ankrum, general manager of Tipton Municipal Utilities, told CNN, “We were targeted and we have not been hacked.” Tipton is a town of 5,000 people about 40 miles north of Indianapolis. TMU offers electricity, water, and wastewater treatment.
“TMU had very little trouble and was always able to do its job,” Ankrum said.
Ankrum said that the incident was being looked into by federal officials. He sent more questions to the Cybersecurity and Infrastructure Security Agency of the Department of Homeland Security. A spokesperson for CISA did not reply right away to a request for comment on Monday.
Hackers who spoke Russian put up a video on social media on Saturday claiming responsibility for an online attack on a TMU wastewater treatment plant. Ankrum told CNN that he hadn’t seen the video but stressed that the plant kept running during the hack.
It looks like this is the latest attempt by a group of Russian-speaking hackers to break into water systems in small American towns. An attack by the group in January was blamed for flooding a tank at a water plant in Muleshoe, Texas.
The US government has been saying that the water systems need to improve their defenses because they are constantly being threatened by both government and criminals.
Cyberattacks are happening on water and sewage systems “all across the United States.” In a letter to state officials last month, US national security adviser Jake Sullivan said that water facilities need to make their defenses stronger against the danger.
The US cybersecurity company Mandiant made a public link last week between the Telegram channel where hackers claimed responsibility for the Muleshoe and TMU attacks and earlier hacking work done by a well-known unit of Russia’s GRU military intelligence agency. According to Mandiant, it’s not clear if the attacks on the Telegram group were done by other Russian-speaking hackers or by the GRU itself.
The Russian-speaking hackers who broke into the water sector seem to have picked industrial equipment that could be accessed online when it was convenient for them to do so.
Ron Fabela, an expert in industrial cybersecurity, says that the Russian-speaking hackers’ video seemed to show them changing software that controls equipment at the Tipton wastewater treatment plant that aerates and moves fluids.
He told CNN, “While the video is shocking, the threat actor’s actions are amateur and would only cause minor problems for plant operators.” Fabela is the CEO of the consulting company Infinity Squared Group.