Iranian hackers compromised 34+ US water facilities in a single campaign. Russian hackers made water tanks overflow in Texas. Chinese Volt Typhoon is pre-positioning in water infrastructure nationwide. Your community could be next.
IRGC-affiliated hacking group that compromised 34+ US water facilities between November 2023 and January 2024. Targeted Unitronics PLCs (Israeli-made programmable logic controllers) with default passwords.
Attack Method:
Scanned for internet-exposed Unitronics Vision series PLCs using default password "1111". Gained control of booster stations and displayed political messages.
Message left on hacked systems: "You have been hacked, down with Israel. Every equipment 'Made in Israel' is Cyberav3ngers legal target."
Russian hacktivist and state-linked groups continuing to exploit industrial control system weaknesses in water facilities. Caused physical impacts including water tank overflows in Texas.
Attack Method:
Exploit weak defenses in ICS/SCADA systems. Manipulate water levels and valve controls. Often leave systems in states that could cause physical damage.
Chinese state-sponsored group confirmed by FBI to be probing US water plants. Unlike Iran and Russia, Volt Typhoon focuses on persistent, undetected access—pre-positioning for potential future conflict.
Intent:
Not immediate disruption, but establishing persistent access that could be activated during a major crisis or conflict with the United States.
These attacks happened to communities just like yours. Each one exploited basic security failures that could have been prevented.
Hackers took control of water booster station serving rural community. Left message: 'You have been hacked, down with Israel'
Water tank caused to overflow due to cyberattack on control systems
Water tanks caused to overflow; facilities switched to manual operations
Water treatment facility forced to switch to manual operations
Largest US water utility attacked; customer portal disconnected
EPA inspections found the majority of water utilities in violation of basic cybersecurity requirements. Here's what they found:
Critical systems still using factory default passwords like '1111' or 'admin'. Attackers scan for these.
Former employees retaining access to systems. Credentials not revoked when people leave.
Industrial control systems directly connected to the internet without firewalls or VPNs.
EPA Letter to Governors (March 2024)
"The WWS [Water and Wastewater Systems] is highly fragmented, with most providers serving small towns operating with limited resources and budgets, making it challenging to implement comprehensive cybersecurity measures."
Every PLC, SCADA system, and HMI must have unique, strong passwords. This is the #1 attack vector.
Remove PLCs and control systems from direct internet access. Use VPNs for remote access if absolutely necessary.
If you use Unitronics, update to version 9.9.00 or later. Earlier versions have known vulnerabilities.
Audit all user accounts. Immediately disable access for anyone who no longer needs it.
Multi-factor authentication for all remote access. Passwords alone are not enough.
Separate IT networks from operational technology (OT) networks. Limit what attackers can reach.
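As an added example (not part of the original page), the six checklist items above can be run as a script over an asset inventory. The inventory fields, device names and account names are constructed for illustration; only the default-password check and the 9.9.00 version floor come from the page.

```python
# Added example: audit a CONSTRUCTED asset inventory against the checklist.
# Field names, device names and accounts are hypothetical sample data.
MIN_UNITRONICS = (9, 9, 0)  # "9.9.00 or later", the floor given on this page

def parse_version(text):
    """'9.8.0' -> (9, 8, 0). Tuples sort 9.10.0 above 9.9.00; plain strings do not."""
    return tuple(int(part) for part in text.split("."))

def audit_device(dev, active_staff):
    """Return the checklist findings for one inventory record."""
    findings = []
    if dev["default_password"]:
        findings.append("factory default password in use")
    if dev["internet_exposed"]:
        findings.append("directly reachable from the internet")
    if dev["vendor"] == "Unitronics" and parse_version(dev["version"]) < MIN_UNITRONICS:
        findings.append("version below 9.9.00")
    if dev["remote_access"] and not dev["mfa"]:
        findings.append("remote access without MFA")
    if dev["network"] != "OT":
        findings.append("not on a separate OT network")
    # Accounts that no longer match anyone on the current staff roster.
    stale = sorted(set(dev["accounts"]) - active_staff)
    if stale:
        findings.append("accounts to disable: " + ", ".join(stale))
    return findings

def audit(inventory, active_staff):
    """Map each device name to its list of findings (empty list = clean)."""
    return {dev["name"]: audit_device(dev, active_staff) for dev in inventory}

ACTIVE_STAFF = {"jlee", "mgarcia"}  # constructed roster
INVENTORY = [  # constructed records
    {"name": "booster-plc-1", "vendor": "Unitronics", "version": "9.8.0",
     "default_password": True, "internet_exposed": True, "remote_access": True,
     "mfa": False, "network": "IT", "accounts": ["jlee", "old_contractor"]},
    {"name": "plant-plc-2", "vendor": "Unitronics", "version": "9.10.0",
     "default_password": False, "internet_exposed": False, "remote_access": True,
     "mfa": True, "network": "OT", "accounts": ["jlee", "mgarcia"]},
]

if __name__ == "__main__":
    for name, findings in audit(INVENTORY, ACTIVE_STAFF).items():
        print(name, "->", findings or "no findings")
```

The version check compares numeric tuples because a plain string comparison would rank "9.10.0" below "9.9.00" and wrongly flag an updated device.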
Security guidance from Cybersecurity and Infrastructure Security Agency
Information sharing and analysis center for water sector
EPA and NSA warning about water system vulnerabilities
Report cyber incidents to FBI Internet Crime Complaint Center