The Cl0p ransomware gang appears to have breached at least one water supply company in the United Kingdom, but it’s not exactly clear which supplier was hacked.
Cl0p announced on its dark web leak site that it had compromised the systems of Thames Water, one of the UK’s largest drinking water utilities, and had allegedly stolen 5TB of data. Furthermore, the threat actors claimed to have access to water treatment SCADA systems and “these systems which control chemicals in water.” After ransomware negotiations reportedly fell through, the gang published a sample of the stolen data, including passports, screenshots from SCADA systems, and driver’s licenses.
However, when security researchers started to analyze the leak, it became clear that the gang may have named the wrong victim, as the published data contained a spreadsheet featuring email addresses belonging to South Staffordshire PLC, another UK water utility.
Thames Water disputed Cl0p’s claims and said that the alleged attack was a “cyber hoax” and denied any breach of its systems.
Meanwhile, South Staffordshire has confirmed it has indeed suffered a hack. In a short statement on its website, the company explained that it has experienced disruption to its corporate IT network, but the incident has not affected water supply. The supplier has not shared additional details regarding the breach. The company said it was working with government and regulatory authorities to resolve the incident.