Russian Cyber Attackers Hack Texas Drinking Water, Flood Town

Russian hackers claiming to be backed by the Kremlin are believed to have remotely accessed a Texas town’s water tower.

The suspected hack in the Texas Panhandle town in January would be the first-ever disruption of a US drinking water system by Russia, after Iran and China carried out similar attacks.

The hack in Muleshoe, a community of 5,000 not far from the New Mexico border, led to the tower overflowing with thousands of gallons for almost an hour, leading to a state of emergency to be declared.

The hacking group allied with the Russian government identified themselves as the Cyber Army of Russia Reborn (CARR).

The group posted a video on Telegram of the town’s water-control systems being manipulated, showing how they reset the controls.

‘We’re starting another raid on the USA. In this video there are a couple of critical infrastructure objects, namely water supply systems,’ the message in Russian said, capped by a smiley face emoji.

The video then shows the hackers changing values and settings for the utilities’ control systems.

The group has previously conducted DDoS attacks on Ukrainian organizations and government agencies.

It’s unclear what effects the manipulation has had, but several local officials have acknowledged the cyberattacks, while confirming some form of disruption.

The city manager for Muleshoe, instance, reportedly said in a public meeting that the attack on the town’s utility is what caused the tank to overflow.

Officials in the nearby towns of Abernathy, Hale Center and Lockney also said they’d been ‘affected,’ with the well system for the former seen in the interface shown on the Telegram screen recording

All three towns reportedly disabled the software overseeing their utilities to prevent its exploitation, but officials in each locale also insisted service to customers in each case was never explicitly interrupted.

That wasn’t the case for residents of Muleshoe, whose seminal water tower hemorrhaged water for somewhere between 30 and 45 minutes before operators were finally able to address the issue, doing so manually

Footage from the scene January 18 showed the damage left behind within that span, with thousands of gallons of fresh water seen going to waste.

The FBI is currently investigating the hacking activity, one of the officials told CNN.

A seasoned cybersecurity specialist from Google-owned Mandiant, meanwhile, told The Washington Post the hack was indeed the work of CARR – an org perhaps better known by its pseudonym of Sandworm.

The State Department has issued multimillion-dollar bounties for the capture of those associated with the group, known for briefly turning out the lights in parts of Ukraine on at least three occasions.

They were also able to hack the Olympics Opening Games in South Korea in 2018, and are credited with the creation of an advanced malware that was able to briefly shut off a Chernobyl safety system in 2017.

The nuclear power station in Pripyat, Ukraine, was destroyed by a reactor explosion in 1986, sparking the worst radiation fuel leak of all time. It now sits entombed in a huge concrete sarcophagus, but is constantly monitored to check for further leaks.

The ransomware was also used to attack systems overseeing the 2017 French Elections, US officials have said – citing billions of dollars of losses incurred as a result.

A spokesperson said that time that employees were forced to patrol the vicinity of the plant and monitor the radiation with hand-held meters.

Mandiant chief analyst John Hultquist on Wednesday said the attack in January could heighten tensions between Moscow and Washington, and shows how Sandworm – now calling itself CARR – is broadening its targets to include American infrastructure.

He also said he and his colleagues observed social media accounts being created on YouTube for CARR using servers associated with Sandworm, and that CARR had been posting Ukrainian government data stolen by Sandworm hackers on Telegram.

He also reiterated the belief that the CARR is solely a front for The GRU – the Russian intelligence agency that remained in place following the collapse of the Soviet Union.

Members of the KGB replacement were charged in for the Chernobyl attack, with the State Department framing them as members of the group.

‘We’ve been saying for a long time that CARR is just a front for the GRU,’ Hultquist told the Post as the apparent cyber attack continues to be probed.

‘Then we see them take credit for these acts in the U.S. against water utilities. Is GRU behind these attacks? If it isn’t GRU, whoever is doing this is working out of the same clubhouse. It’s too close for comfort.’

The group previously went by the names Telebots, Voodoo Bear and Iron Viking. They are also known as Unit 74455.

U.S. Attorney Scott W. Brady for the Western District of Pennsylvania described Sandworm’s actions as ‘representing the most destructive and costly cyber-attacks in history.’

Brady added, ‘The crimes committed by Russian government officials were against real victims who suffered real harm. We have an obligation to hold accountable those who commit crimes – no matter where they reside and no matter for whom they work – in order to seek justice on behalf of these victims.’

‘Time and again, Russia has made it clear: They will not abide by accepted norms, and instead, they intend to continue their destructive, destabilizing cyber behavior,’ said FBI Deputy Director David Bowdich in 2022.

The Biden administration has also that intelligence indicated that new state sponsored Russian cyber attacks were forthcoming.

The Kremlin, meanwhile, has kept mum about its alleged connection to the terror group, rejecting accusations that Russia and Russian special services were responsible for any ‘hacking attacks, especially against the Olympics.’

Feds’ and town officials’ investigation into the January incident, as of writing, remains ongoing.

The investigation comes weeks after state governors that foreign hackers are carrying out disruptive cyberattacks against water and sewage systems throughout the country, with both National Security Advisor Jake Sullivan and Environmental Protection Agency Administrator Michael Regan warning that ‘disabling cyberattacks are striking water and wastewater systems throughout the United States.’

‘Disabling cyberattacks are striking water and wastewater systems throughout the United States,’ the march statement from the White House read, citing two countries in particular.

‘These attacks have the potential to disrupt the critical lifeline of clean and safe drinking water, as well as impose significant costs on affected communities.

‘We are writing to describe the nature of these threats and request your partnership on important actions to secure water systems against the increasing risks from and consequences of these attacks.

The letter singled out alleged Iranian and Chinese cyber saboteurs, with Sullivan and Regan citing a recent case in which hackers accused of acting in concert with Iran’s Revolutionary Guards had disabled a controller at a water facility in Pennsylvania.

They also called out a Chinese hacking group dubbed ‘Volt Typhoon’, which they said had ‘compromised information technology of multiple critical infrastructure systems, including drinking water, in the United States and its territories.’

A few days later, Vladimir Putin’s sinister global cyberwarfare strategy has been unmasked after a huge trove of secret files were leaked.

The documents reveal how a company with links to the FSB, the Russian intelligence service, aids the Kremlin’s agenda by attacking its enemies in digital warfare.