{"id":14646,"date":"2025-08-20T07:06:37","date_gmt":"2025-08-20T07:06:37","guid":{"rendered":"https:\/\/newestek.com\/?p=14646"},"modified":"2025-08-20T07:06:37","modified_gmt":"2025-08-20T07:06:37","slug":"russia-linked-european-attacks-renew-concerns-over-water-cybersecurity","status":"publish","type":"post","link":"https:\/\/newestek.com\/?p=14646","title":{"rendered":"Russia-linked European attacks renew concerns over water cybersecurity"},"content":{"rendered":"
\n
\n
\n
\n
\n
\n
<\/div>\n<\/section>\n

Two incidents reported last week by European leaders have once again spotlighted one of the most unsettling forms of politically motivated cyber malfeasance: attacks on local water facilities.<\/p>\n

First, the director of the Norwegian Police Security Service, Beate Gang\u00e5s,\u00a0said that Russian hackers are likely behind<\/a>\u00a0suspected sabotage at the dam\u00a0at Bremanger on Lake Risvatnet, in western\u00a0Norway, that took place in April, with the saboteurs opening one of the dam\u2019s valves to increase water flow. According to press reports, the valve was open for around four hours but posed no danger to the surrounding areas.<\/p>\n

The next day, Poland Deputy Prime Minister Krzysztof Gawkowski, who is also the country\u2019s digital affairs minister,\u00a0said that a large unnamed Polish city<\/a>\u00a0could have had its water supply cut off that week due to a cyberattack. The attack, which Gawkowski insinuated came from Russian hackers but offered no further details, was somehow foiled.<\/p>\n

Both reports came near the eve of Donald Trump\u2019s meeting with Russian President Vladimir Putin in Alaska to discuss the war in Ukraine, an event that caused fear and suspicions throughout European capitals. As politically advantageous as it might seem for politicians to raise the specter of Russian cyberattacks, experts say these incidents raise legitimate concerns over Russia\u2019s aggression against this most unprotected component of the critical infrastructure sector.<\/p>\n

\u201cThe Russians do often use these easy-to-execute attacks to poke and prod,\u201d Jake Braun<\/a>, former White House acting principal deputy national cyber director and now executive director of the Cyber Policy Initiative at the University of Chicago, tells CSO. \u201cMost of the Russian experts I know say that this has been their modus operandi for decades, if not centuries. They poke and prod, but that is just a prelude to future, far larger attacks.\u201d<\/p>\n

Experts suggest that water utilities in the US and Europe should view these incidents as early warning indicators, and they should redouble their efforts to create and update their cybersecurity defense capabilities.<\/p>\n

Pro-Russia Z-Pentest Alliance linked to the dam attack<\/h2>\n

A video posted on Telegram purports to show the April attack on the Norwegian dam.\u00a0Ron Fabela<\/a>, director of industrial cybersecurity at ABS Consulting, who stumbled on the video in April, says it is typical of the\u00a0Z-Pentest Alliance<\/a>, a group that might be of Serbian origin but is considered a pro-Russian operational technology (OT) threat actor.\u00a0<\/p>\n

The video shows the attackers fiddling with the dam\u2019s controls on a human-machine interface (HMI), fumbling around to change the water flow and level, and ending with a final view showing the manipulated state of the system with\u00a0background music<\/a>\u00a0from a Russian punk rock group.<\/p>\n

As was true of a series of\u00a0similar attacks<\/a>\u00a0by likely young Russian amateur hackers in the US, the dam attackers didn\u2019t know what they were doing and made a lot of mistakes. \u201cThe one thing I found funny is one of these set points is a percentage, and obviously they didn\u2019t read that, so they initially tried to put in 999% and the system, being smart, was like, no, that\u2019s dumb,\u201d Fabela tells CSO. \u201cThat falls in line with my hypothesis that these folks don\u2019t understand the systems they\u2019re interacting with.\u201d<\/p>\n

Although Norwegian officials attribute the attack to Russia, Fabela doesn\u2019t think there\u2019s a direct nation-state connection involved. \u201cTheir actual nation-state hackers, like our equivalent of the CIA, don\u2019t boast about it on Twitter and Telegram,\u201d he says.<\/p>\n

However, Braun thinks the Kremlin\u2019s involvement can\u2019t be discounted. \u201cRussia has this kind of symbiotic relationship with criminal organizations that it uses as cutouts,\u201d he says. \u201cJust because this may look like a bunch of kid hackers who are just messing around, that doesn\u2019t mean that the Russian government does not totally sanction this.\u201d<\/p>\n

Attribution for the averted Polish cyberattack is not easy, given how little information the government has released. Fabela points out that there was no chatter about attacks on Polish assets on Telegram or other communications channels aside from \u201cyour normal DDoS stuff, which happens all the time,\u201d he says. \u201cIf I were a threat actor and I almost shut off the water, I don\u2019t think I\u2019d be bragging about it either.\u201d<\/p>\n

Water utilities should remain vigilant<\/h2>\n

Although most water facility operators have received repeated warnings over the years that they are desirable targets for Russian, Iranian, and Chinese threat actors, experts say these latest incidents underscore the need to remain vigilant and step up security efforts.\u00a0<\/p>\n

If water assets owners have \u201cany kind of control system online, it shouldn\u2019t be because it\u2019s at risk for eventually one of these threat actors to do a drive-by and do a video and make a lot of fuss about it,\u201d Fabela says.<\/p>\n

This kind of message is more likely to spur water utilities toward action because \u201cmost of them I\u2019ve talked to are more worried about the call from the FBI than they are about any impact,\u201d he says.<\/p>\n

The University of Chicago\u2019s Braun thinks the chronically underfunded water utilities should start seriously exploring how to fund more cybersecurity help, \u201cwhether that is hiring a CIO or bringing on a consultant to do something to improve their cybersecurity,\u201d he says.\u00a0<\/p>\n

For those who can\u2019t manage to raise the funds, there are resources in the US, such as the\u00a0DEF CON Franklin<\/a> project, which Braun also spearheads, that provides free volunteers and cybersecurity tools. \u201cWe\u2019re free, and we\u2019ll always be free and happy to help advise water utilities on how they can secure themselves,\u201d Braun says.<\/p>\n

For utilities located outside the US, Braun recommends the\u00a0Cyber Peace Initiative, which also offers free resources to utilities.<\/p>\n

No matter how they work it out, water utilities must start paying closer attention to cybersecurity. \u201cWater is one of the most important kinds of life-maintaining critical infrastructure sectors,\u201d Braun says. \u201cIt is the one that is both the most essential and at the same time least protected.\u201d<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

Two incidents reported last week by European leaders have once again spotlighted one of the most unsettling forms of politically motivated cyber malfeasance: attacks on local water facilities. First, the director of the Norwegian Police Security Service, Beate Gang\u00e5s,\u00a0said that Russian hackers are likely behind\u00a0suspected sabotage at the dam\u00a0at Bremanger on Lake Risvatnet, in western\u00a0Norway, that took place in April, with the saboteurs opening one… <\/p>\n

Read More<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-14646","post","type-post","status-publish","format-standard","hentry","category-uncategorized","is-cat-link-borders-light is-cat-link-rounded"],"_links":{"self":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/14646","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=14646"}],"version-history":[{"count":0,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/14646\/revisions"}],"wp:attachment":[{"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=14646"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=14646"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=14646"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}