On December 20, 2023, Rosvodokanal, a Russian water utility firm, fell victim to an alleged cyber attack orchestrated by the Ukrainian hacker group Blackjack. This comes in the wake of a cyber attack on Kyivstar, a Ukrainian phone company, attributed to Russian hackers, resulting in widespread network and internet failures. The Rosvodokanal cyber incident is seen as a potential act of retaliation, escalating the ongoing cyber conflict between Ukraine and Russia.
Multiple undisclosed law enforcement sources have confirmed the cyber attack on the IT infrastructure of the Russian water utility. According to reports, Blackjack is accused of targeting over 6,000 computers and erasing more than 50 terabytes of data, including backup files, correspondence, and internal documents. There are suspicions that the Security Service of Ukraine (SBU) played a supporting role in the attack, and the SBU is reportedly examining 1.5 terabytes of Rosvodokanal’s compromised data.
Despite the severity of the cyberattack, Rosvodokanal has not provided any updates on its official channels. Mikhail Fridman, a Russian oligarch under sanctions, is a co-owner of the Alfa Group, which includes Rosvodokanal. The utility is responsible for supplying water to approximately 7 million people. This incident adds to the rising concerns about critical infrastructure being targeted in cyber conflicts between nations. This event is not the first instance of a water utility being targeted in a cyberattack. In November, the Aliquippa Municipal Water Authority in the United States experienced a cyber attack believed to be linked to Iranian hackers.
The attack targeted the booster station system regulating water pressure, with authorities assuring the public that the water supply remained unaffected. The incident underscores the growing trend of cyber threats against critical infrastructure globally, emphasizing the need for heightened cybersecurity measures to protect essential services.