The House Committee on Homeland Security released a “Cyber Threat Snapshot” examining the growing threats posed by malign nation-states and criminal networks to U.S. critical infrastructure. The snapshot particularly focuses on the threats posed by the Chinese-affiliated threat groups Volt Typhoon and Salt Typhoon, as well as the Iranian Islamic Revolutionary Guard Corps, both of which have been known to target the water sector. It cites incidents going back to 2021, including water sector incidents (see the Key Developments section) such as the recent attack at American Water and the past string of sector-related incidents in December 2023. According to the report, cyber attacks on critical infrastructure rose 30% globally in 2023.
Key Developments: (A few selections from the report)
OCTOBER 2024: Salt Typhoon––A threat actor associated with the PRC, Salt Typhoon, reportedly infiltrated backdoors in major internet service providers such as Verizon and AT&T to conduct espionage on law enforcement’s wiretapping requests and potentially exfiltrate data. This intrusion included accessing the phones of presidential candidates for surveillance purposes. The intrusion is still being investigated by authorities, but reports indicate phone call data and the locations of certain customers were potentially accessed, as well as call audio. There is no information available yet on how many calls, if any, were accessed.
OCTOBER 2024: American Water Works––The networks of one of the country’s major water utilities were breached by an unidentified cyber threat actor, forcing the company to shut down the online customer portal and billing services for days in an attempt to protect customer data. The operational technology involved in water treatment operations was reportedly unaffected in the attack. The company provides services to more than 14 million Americans, including 18 military installations. Actor attribution has not been made, although nation-state actors such as China, Iran, and Russia have been known to target the sector.
DECEMBER 2024: Water Facilities––An Iranian-linked hacking group, Cyber Av3ngers, infiltrated Israeli software used in U.S. water and wastewater facilities in the wake of the October 7 Hamas terrorist attacks. For example, the group accessed a component that regulates water pressure at a water authority in Pennsylvania, forcing the facility to utilize manual controls. In February 2024, the Treasury Department sanctioned IRGC-affiliated cyber actors involved in these operations.
Access the full Cyber Threat Snapshot at the Committee on Homeland Security.
Additional Resources: