US water facility OT infrastructure is under attack again

(Image credit: Shutterstock)

Hostile nations seem to be dead-set on damaging critical US infrastructure, as Russia has joined the fray with the likes of Iran and China in launching cyber attacks against water facilities.

Vulnerable operational technology (OT) used in US water and energy infrastructure are prime targets for state-sponsored actors looking to potentially poison water supplies or erode trust in energy reliability, with Chinese-backed probing suspected to be practice for if the two superpowers were to go to war.

A joint advisory issued by 6 US government agencies, as well as the UK’s National Cyber Security Center and Canada’s Center for Cyber Security warns that the water supply is at risk due to unsecured OT devices.

Water versus the world

While most of the attacks against US water facilities by Russia-linked groups only amount to “nuisance effects” and “limited disruption,” the joint advisory warns that there is the potential for threat actors to have considerable control over certain OT environments, particularly those that are “insecure and misconfigured.”

Russia-linked groups have accessed human machine interfaces (HMIs) by breaking into internet-exposed virtual network computing (VNC) using manufacturer-issued default passwords. In 2024, Russian groups have used the above method to augment water pump controls to operate outside of their recommended parameters, turned off the alarm systems that could recognize a potential overflow, and change the access credentials to prevent facility workers from reversing the changes.

Luckily, facilities usually have manual control over the internal mechanisms, with only minor tank overflows occurring before the facilities were secured. The joint advisory also issues a number of OT vulnerability mitigations which can be found here (PDF).

More from TechRadar Pro

Secure your exposed devices with the best endpoint protection
Suspected Iranian cyberattack on key US infrastructure probed by security agency
Keep your PC safe with the best antivirus

Benedict has been writing about security issues for over 7 years, first focusing on geopolitics and international relations while at the University of Buckingham. During this time he studied BA Politics with Journalism, for which he received a second-class honours (upper division), then continuing his studies at a postgraduate level, achieving a distinction in MA Security, Intelligence and Diplomacy. Upon joining TechRadar Pro as a Staff Writer, Benedict transitioned his focus towards cybersecurity, exploring state-sponsored threat actors, malware, social engineering, and national security. Benedict is also an expert on B2B security products, including firewalls, antivirus, endpoint security, and password management.