Pro-Russia hacktivists are compromising technology that keeps facilities safe and operational in the water, wastewater, energy, dam, food and agriculture sectors, federal and international agencies said in an advisory released Wednesday.
In some cases, the agencies said, the attacks pose physical threats.
The advisory, focused on hacktivist activity in those sectors in North America and Europe, provides guidance on defending operational technology (OT) devices and industrial control systems (ICS), which are involved in the maintenance, monitoring or control of industrial processes.
“The pro-Russia hacktivist activity appears mostly limited to unsophisticated techniques that manipulate ICS equipment to create nuisance effects,” according to the agencies. “However, investigations have identified that these actors are capable of techniques that pose physical threats against insecure and misconfigured OT environments.”
The hacktivists have carried out disruptions “causing water pumps and blower equipment to exceed their normal operating parameters,” and “in each case, the hacktivists maxed out set points, altered other settings, turned off alarm mechanisms, and changed administrative passwords.”
“Some victims experienced minor tank overflow events; however, most victims reverted to manual controls in the immediate aftermath and quickly restored operations,” the advisory continued.
One such overflow, for which Russian hacktivists claimed credit, occurred in Muleshoe, Texas. Mandiant said in a recent report that a Russian military intelligence operation is suspected of controlling that group.
The advisory was produced by the Cybersecurity and Infrastructure Security Agency, Federal Bureau of Investigation, National Security Agency, Environmental Protection Agency, Department of Energy, Department of Agriculture, Food and Drug Administration, Multi-State Information Sharing and Analysis Center, Canadian Centre for Cyber Security and the United Kingdom’s National Cyber Security Centre.
CNN first reported on the then-forthcoming advisory.
The agencies suggested that organizations immediately replace all default passwords on OT devices with strong, unique passwords; limit the exposure of OT systems on the internet; and implement multi-factor authentication.
The post Pro-Russia hacktivists attacking vital tech in water and other sectors, agencies say appeared first on CyberScoop.