Russian hackers, identified as Sandworm, caused a water tank overflow in a small Texas town called Muleshoe in January. The attack on US infrastructure was concerning, and Mandiant, a cybersecurity firm, has confirmed the group responsible for it. Sandworm is known for its mature and dynamic approach to cyber threats and is actively engaged in espionage, attacks, and influence operations.
Security experts believe that Sandworm may be connected to the Russian spy agency GRU. While most state-backed threat groups specialize in specific areas of cyber attacks, Sandworm is unique in its ability to combine various capabilities into one comprehensive package. The hackers shared a video on Telegram demonstrating how they manipulated Muleshoe’s water system, overpowering it and resetting the controls.
The hackers referred to themselves as the Cyber Army of Russia Reborn in the videos, signaling that this was the first attack on a public American infrastructure system by the group. US officials linked a separate attack on water systems in Pennsylvania in November to Iran. Ramon Sanchez, Muleshoe’s city manager, reported that the water tank overflowed for 30 to 35 minutes during the attack.
Sandworm has been previously linked to various cyber attacks worldwide, including on Ukraine’s power grid and the 2018 Olympic Games in South Korea. In 2020, the US Department of Justice charged six members of the group with crimes related to their cyber attacks, including disrupting the 2016 US presidential elections. The Justice Department also accused the group of creating a virus called NotPetya