Reports: Russian hackers targeted west Texas water facilities

(The Center Square) – As federal leaders warn state and local leaders about “disabling cyberattacks” potentially targeting their water and wastewater systems nationwide, several small towns in west Texas were targeted by Russian hackers.

One water system run by an offsite vendor hadn’t updated its software system’s password in over 10 years, making it vulnerable for an attack, officials said.

At a recent “local cities” meeting in Mulshoe, Texas, city managers and public works directors from Panhandle communities met to discuss hackers attacking their water systems earlier this year. Muleshoe’s city manager said its water facility had been hacked and its water tank was overflowing on Jan. 18. When they looked into it, they identified a software system malfunction and contacted the software company vendor that was running it remotely. The vendor said other cities were having similar issues.

The water systems of Abernathy, Hale Center and Lockney were also targeted, which were all managed by the same vendor’s software systems, officials said. On Jan. 26, the city of Lockney issued a statement saying the city “remains under ‘Emergency High Alert Operations’ and will for several additional days, as a precautionary measure,” MyPlainview reported.

Officials said at the meeting that they disabled their systems to prevent any further attacks, adding that residents’ services weren’t interrupted.

Russian hackers, Cyber Army of Russia Reborn (CARR), took credit for hacking the west Texas systems in videos it posted on the social messaging app Telegram. They claimed to have reset the controls of Muleshoe’s and Abernathy’s water systems and posted a video of how they did it.

In a statement introducing the videos, CARR stated in Russian, “We’re starting another raid on the USA,” explaining how they exploited “a couple critical infrastructure facilities, namely water supply systems,” adding a smiley face emoji.

In a screenshot of one video below, a hacker appears to be using a mouse to click around the interface to change the values and settings for Abernathy’s water control system.

Screenshot of Russian CARR hacker video posted on social media taking credit for and hacking a water utility in west Texas. pic.twitter.com/s9czrrRVNm— Bethany Blankley (@BethanyBlankley) April 23, 2024

CARR has taken credit “on at least three occasions for hacking operations that targeted US and European water and hydroelectric utilities,” WIRED reports. “In each case, the hackers have posted videos to the social media platform telegram that shows screen recordings of their chaotic manipulation of so-called human machine interfaces, software that controls physical equipment inside those target networks.” WIRED cites other targets including in Poland and France.

A new report published by a cyber defense and threat intelligence group, Mandiant, which is owned by Google, suggests that CARR is linked to a Russian state-backed hacking group, APT44, also known as Sandworm. Mandiant alleges that Sandworm helped create CARR and details how the hackers operate and the methods they use in the report.

John Hultquist, who leads Mandiant’s threat-intelligence, told WIRED, “Sandworm has never directly targeted a US network with a disruptive cyberattack – only planted malware on US networks … . Cyber Army of Russia Reborn, by contrast, hasn’t hesitated to cross that line.

“Even though this group is operating under this persona that’s tied to Sandworm, they do seem more reckless than any Russian operator we’ve ever seen targeting the United States. They’re actively manipulating operational technology systems in a way that’s highly aggressive, probably disruptive, and dangerous.”

The hacker was easily able to get into the vendor’s system that manages the west Texas towns’ water system and control its interface because the vendor’s password hadn’t been changed in a decade, The Washington Post reported. Abernathy’s city manager told the Post the hack “turned out to be a good thing. It showed us where our vulnerabilities were.”

Muleshoe’s city manager, said, “You don’t think that’s going to happen to you. It’s always going to happen to the other guy.” He also added that they learned a lesson “to always be proactive and always update our cybersecurity.”

“I would have never thought that somebody tied to the Russian military would target Muleshoe.”

FBI Director Christopher Wray recently warned state and local officials that Russia was “a top cyber threat” and that the Russian government was investing heavily in cyber operations, specifically targeting the U.S. energy sector.

The west Texas officials are re-examining and strengthening their security measures, they said at a recent local meeting, also having met with their state senator, Charles Perry, a Republican.

The FBI, Homeland Security and other federal agencies are investigating the hack.