Poland says hackers breached water treatment plants, and the U.S. is facing the same threat

Poland’s quality work said it detected attacks connected 5 h2o attraction plants wherever hackers could person taken power of the concern instrumentality inside, including, successful the worst case, tampering with the information of the h2o supply.

The communicative is applicable beyond Poland’s borders: U.S. h2o infrastructure has faced akin threats successful caller years. In 2021, a hacker concisely gained entree to a water attraction works successful Oldsmar, Florida and attempted to summation the level of sodium hydroxide — a caustic chemic — to unsafe levels. The FBI and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) person since warned that h2o utilities stay a brushed people for overseas hackers.

On Friday, Poland’s Internal Security Agency, the country’s apical quality agency, published a report covering the past 2 years of the agency’s operations and threats the state faced. The study said Polish quality thwarted aggregate acts of sabotage from Russian authorities spies and hackers, who targeted subject facilities, captious infrastructure (essential systems specified arsenic powerfulness grids, h2o supplies, and proscription networks), arsenic good arsenic civilian targets. These attacks, according to the report, whitethorn person resulted successful fatalities.  

“The astir superior situation remains the sabotage enactment against Poland, inspired and organized by Russian quality services. This menace was (and is) existent and immediate. It requires afloat mobilization,” work the report.

The study did not specify whether the hackers down the attacks connected the h2o attraction facilities were Russian authorities spies. But Poland has precocious been the people of respective attempts by Russian authorities hackers to onslaught its infrastructure, including a failed effort to bring down the country’s vigor grid. That breach was later attributed to mediocre information controls astatine the targeted facilities.

Poland’s acquisition is portion of a increasing planetary signifier of attacks connected h2o and vigor infrastructure. As precocious arsenic past month, a associated advisory from the Cybersecurity and Infrastructure Security Agency, the FBI, the NSA, and respective different national agencies warned that Iranian-backed hackers are actively targeting programmable logic controllers — the concern computers that tally h2o and vigor facilities — astatine U.S. utilities. The aforesaid Iranian hacking group, CyberAv3ngers, antecedently broke into integer power panels astatine aggregate U.S. h2o attraction plants successful Pennsylvania successful 2023, successful attacks that national agencies linked to escalating hostilities successful the Middle East.

In different words, the attacks against Poland are not unique, they travel a strategy that the Russian authorities is applying some successful warfare zones specified arsenic Ukraine, arsenic good arsenic against Western countries that it sees arsenic longstanding enemies. The plan, according to Polish intelligence, is to destabilize and weaken the West, and cyberattacks and cyberespionage are conscionable tools successful a larger toolkit for Putin’s regime.