Dive Brief:
- Authorities are investigating a suspected ransomware attack against the North Texas Municipal Water District, which appears to be unrelated to a weekend attack against the Municipal Water Authority of Aliquippa in western Pennsylvania.
- The attack in North Texas has disrupted phone services since Nov. 12 and impacted the district’s business computer systems. The incident did not impact water, wastewater or solid waste services for customers, according to a spokesperson for the district.
- Daixin Team, a criminal group known for attacking healthcare systems, has claimed responsibility for the attack, according to researcher Dominic Alvieri, a claim confirmed by researchers at Check Point. The group claimed to have stolen thousands of files containing sensitive customer data.
Dive Insight:
The water district serves a wide area of more than 2 million people, including Plano and McKinney, Texas.
The district brought in third-party forensic experts, who are investigating what impact the intrusion had on operations. The district is also investigating whether there was any impact on district data.
The FBI on Wednesday said it was investigating multiple suspected utility cyberattacks across the U.S., one day after the Cybersecurity and Infrastructure Security Agency issued an advisory about threat groups exploiting Unitronics programmable logic controllers at water treatment facilities.
An Iran-linked group called Cyber Av3ngers claimed responsibility for an attack on Saturday against the Municipal Water Authority of Aliquippa, which provides water treatment to multiple locations in western Pennsylvania.
Democratic legislators representing Pennsylvania — Sens. Bob Casey and John Fetterman and Rep. Chris Deluzio — wrote a letter to Attorney General Merrick Garland on Tuesday urging an investigation from the Department of Justice. The letter claimed Cyber Av3ngers attacked the facility in connection with Israeli-made equipment used at the facility.
Researchers at Check Point previously told Cybersecurity Dive that Cyber Av3ngers has been linked to attacks on critical infrastructure in Israel since the start of the latest Israel-Hamas war in early October.
“These attacks are continued evidence that industrial security is in need of significant improvements, and government regulation at some capacity is necessary to ensure the cyber safety of public services like water and wastewater systems,” Marty Edwards, deputy CTO for OT/IoT at Tenable, said via email.