A hacker group with ties to Russia, known as the Cyber Army of Russia, has claimed responsibility for a cyberattack on a water and wastewater treatment plant in Indiana. The group announced this on their Telegram channel, showcasing a video that allegedly depicted their interaction with the systems of the Tipton Wastewater Treatment Plant. The exact details of the breach were not disclosed by the hackers, but local officials confirmed the incident occurred on Friday evening, prompting immediate investigative actions by the plant’s maintenance personnel.
Jim Ankrum, the general manager of Tipton Municipal Utilities (TMU), addressed the incident in a statement to CNN, affirming that the facility was targeted but not compromised. According to Ankrum, TMU, which operates multiple utilities including electric power, water, and wastewater services for Tipton and surrounding areas, experienced only minimal disruption and continued to operate without interruption. This statement highlighted the resilience of the facility against what appeared to be a significant cyber threat.
The broader context of this incident involves the Cyber Army of Russia’s recent activities against U.S. infrastructure, which have been part of an ongoing series of attacks. According to a report by Mandiant, a Google-owned security firm, the same group was linked to another incident in January involving a water facility in Texas, which resulted in a tank overflow. Mandiant also suggested that, while it couldn’t independently verify the Texas intrusion, the group has a history of claiming attacks that later prove to be genuine, aligning them with Russian state actor Sandworm.
Further insight into the group’s operations reveals that the Cyber Army of Russia, while posing as a hacktivist collective, maintains a close operational relationship with more established Russian hacking entities like Sandworm. They have been involved in a variety of attacks, primarily focusing on distributed denial-of-service (DDoS) attacks against countries perceived as unfriendly towards Russia. This pattern of behavior underscores the ongoing cyber threat posed by Russian-associated groups towards critical infrastructure worldwide.