Critical Infrastructure Security, Threat Intelligence

US, European water utility attacks linked to Sandworm

Water and hydroelectric utilities in the U.S. and Europe have been subjected to attacks by Russian state-sponsored advanced persistent threat operation Sandworm, also known as APT44, since earlier this year, The Register reports.

Sandworm has disguised such intrusions as hacktivist operations primarily targeting Ukraine, run through several Telegram channels, including CyberArmyofRussia_Reborn1, XakNet Team, and Solntsepek, a report from Mandiant showed.

However, CyberArmyofRussia_Reborn was observed to have taken responsibility for attacks against U.S. and Polish water utilities' operational technology systems in January, with officials in the cities of Muleshoe, Abernathy, and Hale Center reporting that their water infrastructure had been compromised. Attackers then proceeded to compromise a French hydroelectric entity's water-level control technology.

"We assess that changing Western political dynamics, future elections, and emerging issues in Russia's near abroad will continue to shape APT44's operations for the foreseeable future," said Mandiant.
