US officials find weak security practices at water plants breached by pro-Russia hackers

Source: CNN Politics

Published 10:15 AM EDT, Wed May 1, 2024


CNN — Pro-Russia hackers have exploited shoddy security practices at multiple US water plants in recent cyberattacks that have hit a wider swathe of victims than was previously documented, according to an advisory by US federal agencies obtained by CNN.

Though the attacks have not impacted drinking water, the advisory lays bare the cybersecurity challenges facing the thousands of water systems across the US, many of which are often short of cash and personnel to deal with threats. The document helps explain the plea that US national security adviser Jake Sullivan made in March to water authorities to shore up their defenses.

US officials investigating the cyberattacks have found that the hacked facilities often had outdated equipment connected to the internet protected by weak passwords, making it relatively easy for hackers to breach the sensitive networks that handle water treatment and other industrial operations, the document says. The Cybersecurity and Infrastructure Security Agency, FBI and other agencies are set to release the advisory publicly later on Wednesday.

The advisory covers a string of recent cyberattacks claimed by Russian-speaking hackers — some of which have been reported publicly — that have alarmed US officials because of the hackers’ brazen willingness to infiltrate computers at US industrial plants using rudimentary attack techniques. US officials have in recent weeks been privately telling electric utilities, water facilities and other critical infrastructure firms to take industrial equipment off the internet before the hackers can exploit it, multiple people familiar with the efforts told CNN.

Read more: https://www.cnn.com/2024/05/01/politics/water-plants-hackers-weak-security-practices/index.html