Documented Attacks

Russian Infrastructure Attacks

From the Colonial Pipeline to meat packing plants to rural water systems— documented Russian cyber attacks that have disrupted American lives and demonstrated the vulnerability of critical infrastructure.

2024 FBI/CISA Warning: Russian hackers continue to target critical infrastructure. Rural utilities with limited security resources are particularly vulnerable.

Major Russian Cyber Attacks on US Infrastructure

RansomwareMay 2021

Colonial Pipeline

Perpetrator: DarkSide

$4.4 million paid (bitcoin)

Recovered: $2.4 million recovered by DOJ

6-day shutdown of pipeline carrying 45% of East Coast fuel

Compromised via inactive VPN account without MFA
100 GB of data stolen in 2 hours
State of emergency declared by President Biden
Panic-buying and gasoline shortages across Southeast

RansomwareMay 2021

JBS Meat Packing

Perpetrator: REvil

$11 million paid

Slaughterhouses nationwide shut down

World's largest meat producer
Plants in multiple countries affected
Threat to US food supply chain
Led to Farm and Food Cybersecurity Act

Espionage2020 (discovered Dec)

SolarWinds Supply Chain

Perpetrator: APT29 (SVR)

18,000 organizations installed trojanized software

Compromised Treasury, DOJ, DOE, State Dept
100 companies + 12 agencies breached
Attackers spent months inside systems
Triggered Executive Order 14,028

Colonial Pipeline Attack

The largest cyber attack on US oil infrastructure in history

45%

Of East Coast fuel supply

6 Days

Pipeline shutdown

2 Hours

To steal 100GB of data

How It Happened

Entry Point: Compromised password for inactive VPN account—without multi-factor authentication

Data Theft: 100 gigabytes stolen in just 2 hours

Shutdown: Colonial proactively shut down pipeline to prevent further damage

Impact: Panic-buying, gas shortages, state of emergency

Policy Response

The attack led to Executive Order 14,028, the Cyber Incident Reporting Act, TSA Cybersecurity Directives, and creation of the Joint Ransomware Task Force.

Water & Utility System Attacks

GRU-linked hackers targeting American water infrastructure

CyberArmyofRussia_Reborn (CARR): Founded, funded, and directed by Russia's GRU military intelligence. Treasury Department sanctioned two members in July 2024.

Multiple US States

2024

CyberArmyofRussia_Reborn (GRU-linked)

Public drinking water systems targeted

Los Angeles (Meat Facility)

November 2024

CARR / Z-Pentest

Spoiled thousands of pounds of meat, ammonia leak

European Facilities

2023

CARR

Wastewater treatment systems compromised

"Pro-Russia hacktivists have conducted an increasing number of unsophisticated attacks against water/wastewater systems since 2022, intending to generate public attention in support of Russia's war."
— CISA Advisory AA25-343a, 2025

Attacks on Agriculture & Food Supply

Rural farms and food processors are increasingly targeted

The food and agriculture sector saw 212 ransomware attacks in 2024—up from 167 in 2023. Russian hackers have demonstrated willingness to target everything from dairy farms to meat packing plants.

JBS Meat Packing

2021

National slaughterhouse shutdown, $11M ransom

Swiss Farm (Dairy)

2023

Unable to monitor herd vitals; cow and calf died

US Dairy Farms

2023

Two farms claimed as targets by Russian hackers

Dole Food Company

2023

Operations disrupted, product shortages

Stop & Shop Supply Chain

2024

Fresh produce, meat, dairy shortages in several states

Swiss Farm Tragedy (2023)

A ransomware attack on a dairy farm disabled the monitoring system for the herd. Unable to track vital signs, a cow and calf died—a stark reminder that cyber attacks on agriculture have real-world consequences.