A 2023 photo of a wastewater treatment plant in Stockton, California. George Rose/Getty Images

Russian hackers sabotaged Texas water-treatment plant: cyber firm

If officials confirm it, Moscow would join the list of recent foreign infiltrators of U.S. water infrastructure.

A group with possible ties to Kremlin military hackers infiltrated a Texas water-treatment plant in January, causing a system malfunction that forced a water tank to overflow and escalating concerns about the network security of similar U.S. facilities, according to an analysis out Wednesday.

The report, from Google-owned Mandiant, linked the activity to Sandworm, a hacking operation that’s tied to Russia’s military intelligence directorate, or GRU.

If confirmed by officials, the breach of the water facility in Muleshoe near the New Mexico border would be the first known case perpetrated by Russia, which would be the third nation, after Iran and China, linked to similar incidents this year.

Mandiant could not verify all claims of the hack, but noted that the analysis aligns with local reporting on the incident. The research also cited screenshots appearing to show a potential Sandworm-affiliated unit calling itself CyberArmyofRussia_Reborn on Telegram manually manipulating water well control inputs.

Muleshoe’s drinking water was not affected, according to reporting from CNN, which noted that the FBI is investigating the activity. Two related hacking attempts occurred in other Texas towns, the report says.

The Sandworm operatives have mainly focused on Ukrainian targets and have escalated their attacks since Russia’s invasion some two years ago. The group is notably linked to the crippling NotPetya cyberattacks from 2017 that impacted U.S. critical infrastructure.

The Environmental Protection Agency and National Security Council last month urged states to stay alert for Iranian and Chinese cyber threats targeting water sector infrastructure. “Drinking water and wastewater systems are an attractive target for cyberattacks because they are a lifeline critical infrastructure sector but often lack the resources and technical capacity to adopt rigorous cybersecurity practices,” their missive to states said.

The Biden administration has been pushing to shore up protections for water treatment facilities, which researchers say are highly vulnerable to compromise, against cyber threats.

But the EPA in October rescinded a memorandum that would have directed providers to evaluate the cyber defenses of their water systems when conducting sanitation surveys, after facing legal pushback from GOP-led states and trade groups.

The activities tracked by Mandiant were also tied to compromises of a French dam and of Polish water utilities.

Russia’s largely state-centered economy allows Moscow to easily steamroll contracts for military and intelligence operations. A major leak last year revealed the intricacies of this relationship, showing a vast network of military consultants working on behalf of the Kremlin, including Sandworm.

“We also judge [Sandworm] to present a significant proliferation risk for new cyber attack concepts and methods,” the Mandiant readout said. “Continued advancements and in-the-wild use of the group’s information technology (IT) and OT cyber attack capabilities have also likely lowered the barrier of entry for other state and non-state actors to replicate and develop their own cyber attack programs,” it added.