Priya PatelTLDR:
- US, UK, and Canadian security agencies warn of disruptive Russian hacktivists targeting operational technology (OT) facilities.
- Russian hacktivists have been targeting small-scale OT systems in various sectors since 2022, exploiting vulnerabilities in outdated software and weak passwords.
US, UK, and Canadian security agencies issued an alert warning of disruptive Russian hacktivists targeting operational technology (OT) facilities in multiple sectors across North America and Europe. The alert stated that pro-Russia hacktivists have been targeting small-scale OT systems in the water and wastewater, dams, energy, and food and agriculture sectors since 2022. They have been exploiting vulnerabilities in outdated virtual network computing (VNC) remote access software and weak/default passwords on human machine interfaces (HMIs).
The hacktivists have been manipulating HMIs to exceed normal operating parameters, causing water pumps and blower equipment to malfunction. Most victims were able to restore operations by resorting to manual controls. The security agencies provided a list of mitigations for network defenders to consider, including implementing multi-factor authentication, changing default passwords, keeping software updated, and establishing hardware limits to the manipulation of physical processes.
The agencies also recommended building resilience against vulnerability exploitation through regular scanning, testing, and other cyber-hygiene measures. UK organizations were advised to use the NCSC’s Early Warning service, while US-based operators can contact their regional CISA office for posture assessment.
