Tuesday, April 23, 2024

Hackers who claim to be the 'Cyber Army of Russia Reborn' disrupt a water tower system in rural Texas

The FBI has been investigating the hack in Muleshoe, Tex.
(City of Muleshoe, Texas photo via CNN)
While the number of computer hacks on American businesses by foreign actors has steadily increased, a hack in Muleshoe, Texas, in January might be the "first disruption of U.S. water system by Russia," reports Ellen Nakashima of The Washington Post. A Muleshoe citizen drove past the town's water tower, saw it was overflowing and alerted the police. "Authorities soon determined the system that controlled the city's water supply had been hacked. . . . Thousands of gallons of water had flowed into the street and drain pipes."

The hackers, who identified themselves as the Cyber Army of Russia Reborn, "posted a video online of the town's water-control systems showing how they reset the controls," Nakashima writes. Using the messaging platform Telegram, the hackers posted a caption that read, "We're starting another raid on the USA." The hackers proceeded to explain how they were going to target U.S. infrastructure.

Location of Muleshoe, Tex., pop. 5,200 (Wikipedia map)
Experts from the cyber security firm Mandiant believe "that the water tank overflow in a Texas panhandle town may well be linked to one of the most infamous Russian government hacking groups," Nakashima reports. "If confirmed, analysts say it would mark a worrisome escalation by Moscow in its attempts to disrupt critical U.S. infrastructure by targeting one of its weakest sectors: water utilities."

The notorious Russian hacking group, nicknamed Sandworm, "has achieved notoriety for briefly turning out the lights in parts of Ukraine at least three different times; hacking the Olympics Opening Games in South Korea in 2018; and launching NotPetya, one of the most damaging cyberattacks ever that cost businesses worldwide tens of billions of dollars," Nakashima explains.

Muleshoe's city manager, Ramon Sanchez, told Nakashima, "You don't think that's going to happen to you. It's always going to happen to the other guy." Nakashima reports, "Sanchez said the hackers brute-forced the password for the system's control system interface, which was run by a vendor. That password hadn't been changed in more than a decade."
