The cybersecurity firm Mandiant revealed on Wednesday that Russian hackers were likely responsible for the water tank overflow incident that occurred in Muleshoe, Texas, back in January. The incident, which saw a torrent of water spewing from the town’s water tank, was contained within an hour. Still, it has raised serious concerns about the vulnerability of critical infrastructure systems to cyber attacks.
Sandworm: A Formidable Russian Hacking Group
Mandiant, owned by tech giant Google, attributed the attack to Sandworm, a Russian hacking group known for its dynamic and operationally mature capabilities. According to the report, Sandworm is actively engaged in the full spectrum of espionage, attack, and influence operations, making it a formidable threat actor.
Security experts believe Sandworm is likely connected to the Russian spy agency, the GRU. Unlike most state-backed threat groups that specialize in specific areas, Sandworm stands out for its ability to unify various capabilities into a comprehensive package.
Cyber Army of Russia Reborn Claims Responsibility
A group calling itself the Cyber Army of Russia Reborn, which Mandiant has linked to Sandworm, has claimed credit for the Muleshoe attack. They posted a video on Telegram showing their manipulation of the town’s water system, demonstrating how they overpowered it and reset the controls, as reported by The Washington Post.
If validated, this would mark the first attack on a public American infrastructure system by this group, according to the Post. US officials have previously blamed Iran for a separate attack on water systems in Pennsylvania last November.
Muleshoe’s Water Tank Overflow and Sandworm’s History
Ramon Sanchez, Muleshoe’s city manager, confirmed to CNN that the city’s water tank overflowed for approximately 30 to 35 minutes during the incident. Authorities have previously blamed Sandworm, which has operated under different names over the years, for various attacks worldwide, including on Ukraine’s power grid and the 2018 Olympic Games in South Korea.
In 2020, the US Department of Justice charged six members of the group with crimes related to their attacks, with one member allegedly involved in disrupting the 2016 US presidential elections. The Justice Department also accused the men of creating the NotPetya virus, which caused $10 billion in damage to computers worldwide; of shutting down the power grid in Ukraine; and of taking down the computer systems of a chain of Western Pennsylvania hospitals.