
Russian hackers exploit weaknesses in critical infrastructure



TLDR:

– Pro-Russia hackers are targeting critical infrastructure in North America and Europe.

– The attacks involve manipulating control settings and causing physical disruptions.

Article Summary:

Government agencies have warned critical infrastructure operators about attacks by pro-Russian hackers targeting industrial control systems (ICS) in North America and Europe. These hackers have caused physical disruptions at facilities, such as overflowing a water tank at a plant. The attacks are described as unsophisticated but could pose physical threats to insecure operational technology (OT) environments. The hackers exploit vulnerabilities in outdated VNC remote access software and weak passwords to access human-machine interfaces (HMIs).

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) advised critical infrastructure operators to defend their systems more effectively. While the attackers were not specifically identified, a group calling itself CyberArmyofRussia_Reborn claimed responsibility for attacks on infrastructure plants in Indiana and Texas. Researchers linked these attacks to a Russian military-aligned group known as Sandworm.

CISA recommended immediate actions for potential targets, including hardening HMIs, limiting exposure of OT systems to the internet, using strong passwords, and implementing multifactor authentication. Attacks on U.S. critical infrastructure have also been observed from threat groups in China and Iran. CISA Director Jen Easterly warned of Chinese cyberattacks as a serious threat to the nation’s critical infrastructure.

In response to the attacks, cybersecurity experts are calling for increased funding and grants to enhance cybersecurity defenses for critical infrastructure such as water utilities. The government must take steps to protect these systems from cyber militias posing a potential danger to the U.S. water supply.

