A video from the Russian hacker group that claimed responsibility for last week's cyberattack on Indiana's Tipton West sewage treatment plant was released on social media Thursday. This is evidence of the latest cyberattack by nation-state cybercriminals targeting water utilities in small towns across the United States.
Last Saturday, the Russian People's Cyber Army took responsibility for the incident on the messaging app Telegram. The message accompanying the video read: Today we'll be looking at Indiana. Consider efforts at municipal water treatment facilities. Enjoy watching, friends. ”
The group also claimed responsibility for one incident. January cyber attack A tank at a Texas water facility overflows.
Other Russian hacker groups have also carried out cyberattacks on water treatment facilities across the United States in recent months, including Sandworm, the Russian military intelligence's cyberwarfare unit.
The cyberattack in Tipton, a town 40 miles north of Indianapolis that handles wastewater for about 5,000 people, began disrupting operations Friday night. Jim Ankrum, general manager of Tipton Municipal Utilities, said plant managers sent workers to correct the behavior, which caused operations to be disrupted again Sunday morning.
“At that time, we were notified that we had experienced a cybersecurity attack,” Ankrum told StateScoop on Thursday.
He said the disruption to the plant's operations was minor and the town's drinking water was never at risk.
“We maintained the operational capacity of the plant throughout [the incident] And even with the interruptions, we were able to continue receiving wastewater streams and they were available for free,” Ankrum said.
Last month, the Biden administration issued a warning to state governments and industry leaders that local water systems and other critical infrastructure are particularly vulnerable to cyberattacks.
Ankrum said the company uses third-party vendors to support its cybersecurity efforts and does not have its own in-house IT staff.
“We all have intermittent training,” Ankrum said. “It's mostly what comes in our emails. Don't click on this or anything you've probably been trained to do.”
He said the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency will take the lead and review security measures and improve cybersecurity after the investigation.
“We will review our processes and see where we can definitely improve,” he said. “When you get attacked, you know where your weak points are.”
