Russian hacking group claims responsibility for cyberattack on Indiana wastewater plant
A video by a Russian hacking group claiming responsibility for last week’s cyberattack on Tipton West Wastewater Treatment Plant in Indiana surfaced on social media Thursday. It’s evidence of the latest cyberattack by nation state cybercriminals targeting water facilities in small towns across the United States.
The “People’s Cyber Army of Russia” took credit last Saturday for the incident on the messaging app Telegram. A message accompanying the video read: “We continue to look partially cover our series of work on US infrastructure. Today, we’ll look at Indiana. Let’s consider the work on municipal water treatment plants. Enjoy watching, friends.”
The group has also claimed responsibility for a January cyberattack on a water facility in Texas, which caused a tank to overflow.
Other Russian hacking groups, such as Sandworm, the cyberwarfare unit of Russia’s military intelligence service, have also been conducting cyberattacks on water treatment facilities across the U.S. in recent months.
The cyberattack in Tipton, which provides wastewater treatment for roughly 5,000 people in a town 40 miles north of Indianapolis, began disrupting operations on Friday evening. Plant managers sent employees to correct the activity, which interrupted operations again on Sunday morning, according to Jim Ankrum, general manager of Tipton Municipal Utilities.
“At that time, we were notified that we had been hit with a cybersecurity attack,” Ankrum told StateScoop on Thursday.
He described the disruptions to the plant’s operations as minor and said the town’s drinking water was never in jeopardy.
“We maintained plant operational capability throughout [the incident] and were able to continue to accept wastewater flows and free even with the disruptions,” said Ankrum.
Last month, the Biden Administration issued a warning to state governments and industry leaders that local water systems and other critical infrastructure are especially vulnerable to cyberattacks.
Ankrum said the water utility uses third-party vendors to support its cybersecurity measures and does not have its own internal IT staff.
“We all do receive intermittent training,” Ankrum said. “It’s mostly things that come across our emails, you know, don’t click on this and all the things you’ve probably been trained on.”
He said the agency will review its security measures and improve cybersecurity after the investigation, which he said is being led by the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency.
“We will review our processes and see where we can make improvements for sure,” he said. “When you’re under attack, you find out where your vulnerabilities are.”
