This year, three sewage treatment plants have been blackmailed by hacker attacks, according to a joint cyber defense alert from the FBI, NSA, CISA and EPA. The incidents in March, July and August have not been made public so far. In one case, the attackers also got into a computer controlling industrial equipment.
In August, a California sewage treatment plant that used the Ghost extortion virus was paralyzed. In July, a facility in Maine was blackmailed with the ZuCaNo virus. In March, a Nevada water purifier was attacked by a previously unknown blackmail virus.
A report from U.S. law enforcement, national security, and environmental services also revealed that these were not the first attacks on water treatment infrastructure, as an attempt was made to blackmail a New Jersey sewage treatment plant in September 2020 and an incident of another nature in March 2019 when a fired employee tried to confuse with still working username.
Even more worrying were the two cases in January 2021 when someone tried to poison water at a plant in the San Francisco Bay Area through hacking. And in February of this year, a hacker tried to manipulate the levels of various chemicals at a sewage treatment plant in Florida.
According to the warning, although blackmail hackers are more active in other sectors, attacks on sewage treatment plants threaten the “supply of clean, drinking water and treatment of municipal wastewater”, so such facilities must have cyber protection commensurate with their social weight.