Hacktivist Intrusions into Canadian Industrial Control Systems
Hacktivists have breached multiple internet-accessible industrial control systems (ICS) across Canada, targeting critical infrastructure sectors including water treatment, oil and gas, and agriculture. In one incident, attackers tampered with water pressure values at a water facility, leading to degraded service for the local community. Another attack involved manipulating an Automated Tank Gauge (ATG) at an oil and gas company, which triggered false alarms, while a third incident saw the manipulation of temperature and humidity controls at a grain drying silo, creating potentially unsafe conditions. Authorities report that these attacks were opportunistic rather than highly sophisticated, with the primary aim of causing disruption, generating media attention, and undermining public trust in Canadian infrastructure.
The Canadian Centre for Cyber Security and the Royal Canadian Mounted Police have issued alerts to raise awareness about the increased threat to internet-exposed ICS and to urge organizations to strengthen their security measures. While the incidents did not result in catastrophic consequences, they highlight the risks posed by insufficiently secured ICS and the growing interest of hacktivist groups in targeting such systems. The authorities emphasize the need for improved detection and mitigation strategies to prevent similar attacks in the future and to protect critical infrastructure from both opportunistic and more advanced threat actors.
Related Stories
Hackers Tamper with Canadian Critical Infrastructure Control Systems
Hackers have remotely tampered with operational settings in multiple Canadian critical infrastructure organizations, including a provincial water utility, an oil and gas company, and a grain drying silo. The Canadian Centre for Cyber Security issued an alert warning that attackers manipulated pressure valves at a water utility, degrading services, and triggered false alerts at an oil and gas company by altering automated tank gauges. In another incident, temperature and humidity controls were changed at a grain silo, creating potential safety risks. These attacks highlight the vulnerability of small, budget-constrained utilities to cyber threats targeting industrial control systems. The incidents underscore a growing trend of cyberattacks against critical infrastructure, with attackers exploiting remote access to manipulate physical processes and disrupt essential services. The advisory emphasizes the need for improved cybersecurity measures in the sector, as many organizations lack the resources and preparedness to defend against sophisticated threats. No specific attribution has been made public, but the attacks have raised concerns about the safety and reliability of essential services in Canada.
4 months ago
Hacktivist and Cyberattacks Targeting Water Utilities and Critical Infrastructure
Canada’s Centre for Cyber Security has issued a warning about the increasing threat posed by hacktivists and other malicious actors targeting industrial control systems (ICS) in critical sectors such as water, oil and gas, and agriculture. The agency highlighted recent real-world incidents where attackers gained access to control systems, including a case where hackers tampered with water pressure at a Canadian water utility, impacting customer service. The alert also referenced similar attacks in the United States, such as the Cyber Av3ngers’ intrusion into a Pennsylvania water authority’s ICS and the Oldsmar, Florida incident where a hacker attempted to alter chemical levels in the water supply. These events underscore the risks associated with internet-exposed ICS devices and the potential for operational disruption.
In the United Kingdom, reports obtained from the Drinking Water Inspectorate (DWI) reveal that five cyberattacks have targeted Britain’s drinking water suppliers since early 2024. While none of these incidents directly compromised the safety of the water supply, they did affect the organizations responsible for its delivery. The DWI noted that current regulations only require formal reporting of cyber incidents that disrupt essential services, potentially leaving other significant threats unreported. British officials are considering changes to the legal framework to lower the threshold for mandatory disclosure of cyber incidents affecting critical infrastructure. Both Canadian and British authorities emphasize the growing cyber risk to water utilities and the need for improved resilience and reporting standards.
4 months ago
Pro-Russia Hacktivist Attacks on Critical Infrastructure via Exposed VNC and OT Systems
Pro-Russia hacktivist groups, including Cyber Army of Russia Reborn (CARR), NoName057(16), Z-Pentest, and Sector16, have escalated their operations from DDoS attacks to targeting operational technology (OT) systems in critical infrastructure sectors such as water, food, agriculture, and energy. These groups exploit exposed Virtual Network Computing (VNC) connections with weak security, using tools like Nmap and brute-force attacks to gain access to human-machine interfaces (HMIs). Once inside, they manipulate system parameters, disable alarms, and cause operational disruptions, often publicizing their actions for propaganda purposes. U.S. and international cybersecurity agencies have issued joint advisories detailing these tactics, highlighting the opportunistic nature of these attacks and the use of MITRE ATT&CK techniques ranging from reconnaissance to impact, including "loss of view" scenarios that force manual intervention.
Recent U.S. government indictments and sanctions confirm that CARR was founded and directed by Russian military intelligence (GRU) as a means to conduct unattributable disruptive operations. Notable incidents attributed to these groups include attacks on public drinking water systems, resulting in water spills, and a Los Angeles meat processing facility, which suffered spoiled products and an ammonia leak. While the technical sophistication of these actors is limited, their ability to cause downtime, remediation costs, and occasional physical damage underscores the persistent risk posed by exposed OT systems and weak remote access protections in critical infrastructure environments.
2 months ago