18 October 2021

US security agencies say ransomware hackers targeted 3 different US water facilities in 2021



The US Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Agency (CISA), the Environmental Protection Agency (EPA), and the National Security Agency (NSA) have released a joint advisory warning of ongoing cyberattacks – launched by both known and unknown malicious actors – targeting the information technology (IT) and operational technology (OT) networks, systems, and devices of U.S. Water and Wastewater Systems (WWS) Sector facilities.

According to the US agencies, over the past few months, hackers have targeted wastewater plants in California, Maine and Nevada with ransomware attacks.

The first incident took place in March 2021, when hackers attacked a Nevada-based WWS facility using a previously undocumented ransomware variant. The ransomware affected the victim’s SCADA system and backup systems.

Several months later, in July 2021, malicious actors remotely planted the ZuCaNo ransomware onto a Maine-based WWS facility’s wastewater SCADA computer. The treatment system was run manually until the SCADA computer was restored using local control and more frequent operator rounds, the agencies said.

In August 2021, a California-based WWS facility was targeted with a Ghost variant ransomware. This malware had been hiding inside the system for nearly a month and was discovered when three supervisory control and data acquisition (SCADA) servers displayed a ransomware message.

The security alert also describes two incidents that took place in two previous years, including a Makop ransomware attack against a New Jersey-based WWS facility in September 2020, and an incident involving a former employee at a Kansas-based WWS facility, who was accused of tampering with a public water system.

“Although cyber threats across critical infrastructure sectors are increasing, this advisory does not intend to indicate greater targeting of the WWS Sector versus others,” the security agencies said.

The joint advisory also provides an overview of Tactics, Techniques and Procedures (TTPs) used by attackers, as well as mitigations that organizations should implement to prevent cyber intrusions.
