In November, a group of hackers caused a water tank overflow in Pennsylvania, which was a concerning attack on US infrastructure. The cyber-security firm Mandiant has identified the group responsible for this attack as Sandworm, a Russian hacking group known for its mature and dynamic approach to cyber threats. Sandworm is unique in its ability to combine various capabilities into one comprehensive package.
Many security experts believe that Sandworm is likely connected to the Russian spy agency, GRU. While most state-backed threat groups typically specialize in specific areas of cyber attacks, Sandworm is able to adapt quickly and effectively to new challenges. The hackers shared a video on Telegram demonstrating how they manipulated Muleshoe’s water system, overpowering it and resetting the controls.
In January, a similar attack occurred in Texas, when the town of Muleshoe experienced a water tank overflow caused by Russian hackers. The Cyber Army of Russia Reborn was responsible for both attacks. Ramon Sanchez, Muleshoe’s city manager, reported that the water tank overflowed for 30 to 35 minutes during the attack.
Sandworm has previously been linked to various cyber attacks worldwide, including attacks on Ukraine’s power grid and the 2018 Olympic Games in South Korea. In 2020, the US Department of Justice charged six members of the group with crimes related to their cyber attacks, including disrupting the 2016 US presidential elections and creating a virus called NotPetya, which was responsible for causing $10 billion in damage to computers globally.