- Pro-Russia hackers are targeting infrastructure systems in the US and Europe, says a security advisory.
- Hackers have infiltrated infrastructure sectors in water, dams, energy, and agriculture.
- Security agencies say improved cyber hygiene can prevent these breaches.
Infrastructure systems in the US and Europe are vulnerable targets for pro-Russia hackers, numerous security agencies cautioned in a May 1 advisory statement.
"In early 2024, the authoring organizations observed pro-Russia hacktivists targeting vulnerable industrial control systems in North America and Europe," the advisory said, which was authored by the FBI, the Cybersecurity and Infrastructure Security Agency, along with other domestic and international bureaus.
The agencies observed pro-Russia hackers compromise the operational technology of infrastructure such as "Water and Wastewater Systems (WWS), Dams, Energy, and Food and Agriculture Sectors."
Pro-Russia hackers could be breaking into these systems in various ways. Some through points include entering outdated software and cracking weak passwords.
While the hackers have mainly caused "nuisance effects," the advisory noted that "historically, these hacktivists have been known to exaggerate their capabilities and impacts to targets." The unauthorized access is problematic though.
The authoring agencies have found that interferences can be avoided through improved cyber hygiene and guidance among systems, which is further explained in the advisory.
The advisory note said that actions such as changing passwords for operational technology, creating multi-factor authentication for accessing that technology, and limiting the exposure of operational technology to the internet should be taken immediately.
Earlier this year, there was a hack reported on a Texas water tower, causing it to overflow. The group of hackers believed to be responsible for the disruption is called Sandworm, and the group was linked to Russia in April.
Mandiant, a cybersecurity firm owned by Google, described Sandworm as a "dynamic and operationally mature threat actor that is actively engaged in the full spectrum of espionage, attack, and influence operations."
The Department of Justice charged several members of Sandworm in 2020 with crimes related to interfering with the US presidential election in 2016. Sandworm is also known for its hacking disruptions on a global scale, previously targeting Ukraine and South Korea.