Hacktivist and Cyberattacks Targeting Water Utilities and Critical Infrastructure
Canada’s Centre for Cyber Security has issued a warning about the increasing threat posed by hacktivists and other malicious actors targeting industrial control systems (ICS) in critical sectors such as water, oil and gas, and agriculture. The agency highlighted recent real-world incidents where attackers gained access to control systems, including a case where hackers tampered with water pressure at a Canadian water utility, impacting customer service. The alert also referenced similar attacks in the United States, such as the Cyber Av3ngers’ intrusion into a Pennsylvania water authority’s ICS and the Oldsmar, Florida incident where a hacker attempted to alter chemical levels in the water supply. These events underscore the risks associated with internet-exposed ICS devices and the potential for operational disruption.
In the United Kingdom, reports obtained from the Drinking Water Inspectorate (DWI) reveal that five cyberattacks have targeted Britain’s drinking water suppliers since early 2024. While none of these incidents directly compromised the safety of the water supply, they did affect the organizations responsible for its delivery. The DWI noted that current regulations only require formal reporting of cyber incidents that disrupt essential services, potentially leaving other significant threats unreported. British officials are considering changes to the legal framework to lower the threshold for mandatory disclosure of cyber incidents affecting critical infrastructure. Both Canadian and British authorities emphasize the growing cyber risk to water utilities and the need for improved resilience and reporting standards.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
8 events from the most recent confirmed update back to the earliest known activity.
UK Cyber Security and Resilience Bill expected to reach Parliament
Reporting said the proposed UK Cyber Security and Resilience Bill is expected to reach Parliament in 2025 and could expand mandatory reporting to include attacks that could affect water supply. The proposal was framed as a response to gaps in current disclosure requirements.
Canada Cyber Centre warns hacktivists are increasingly targeting ICS
The Canada Cyber Centre warned that hacktivists are increasingly targeting industrial control systems, underscoring a broader trend affecting critical infrastructure operators. The warning aligned with contemporaneous reporting on water-sector cyber incidents in the UK and elsewhere.
Reports highlight attacks on Britain's drinking water suppliers
News reports published in early November 2025 said hackers had been attacking Britain's drinking water suppliers and drew attention to multiple incidents since the start of 2024. The coverage emphasized concerns about underreporting under the UK's NIS regulations.
Recorded Future News obtains DWI incident details via FOI
Recorded Future News used UK freedom of information laws to obtain details from the Drinking Water Inspectorate about cyber incidents affecting drinking water suppliers. The reporting brought previously undisclosed sector incident data into public view.
Five cyber incidents affect UK drinking water systems
Since January 1, 2024, five cyber incidents have affected UK drinking water systems, according to details later obtained from the Drinking Water Inspectorate under freedom of information laws. The incidents highlighted ongoing cyber exposure in Britain's water sector.
Volt Typhoon intrusion at US water facility is attributed by CISA
CISA attributed an intrusion into a US water facility to the China-linked group Volt Typhoon. The incident was cited alongside other water-sector cases to illustrate escalating threats to critical infrastructure.
Cyber Av3ngers disrupts water services in Ireland
A late-2023 disruption affecting water services in Ireland was attributed to the pro-Iranian hacktivist group Cyber Av3ngers. The case was later referenced as evidence of growing hacktivist interest in operational technology and water infrastructure.
Clop ransomware attacks South Staffordshire Water
South Staffordshire Water was hit by a Clop ransomware attack, an earlier example cited in later reporting on cyber risks to water infrastructure. The incident became part of the broader pattern of attacks on water utilities in the UK and beyond.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
3 references tracked. Mallory keeps watching after this page renders.
Cyberattacks on UK water systems reveal rising risks to critical infrastructure
malwarebytes.com
Open sourceHacktivists increasingly target industrial control systems, Canada Cyber Centre warns
csoonline.com
Open sourceHackers are attacking Britain’s drinking water suppliers
therecord.media
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Hacktivist Intrusions into Canadian Industrial Control Systems
Hacktivists have breached multiple internet-accessible industrial control systems (ICS) across Canada, targeting critical infrastructure sectors including water treatment, oil and gas, and agriculture. In one incident, attackers tampered with water pressure values at a water facility, leading to degraded service for the local community. Another attack involved manipulating an Automated Tank Gauge (ATG) at an oil and gas company, which triggered false alarms, while a third incident saw the manipulation of temperature and humidity controls at a grain drying silo, creating potentially unsafe conditions. Authorities report that these attacks were opportunistic rather than highly sophisticated, with the primary aim of causing disruption, generating media attention, and undermining public trust in Canadian infrastructure. The Canadian Centre for Cyber Security and the Royal Canadian Mounted Police have issued alerts to raise awareness about the increased threat to internet-exposed ICS and to urge organizations to strengthen their security measures. While the incidents did not result in catastrophic consequences, they highlight the risks posed by insufficiently secured ICS and the growing interest of hacktivist groups in targeting such systems. The authorities emphasize the need for improved detection and mitigation strategies to prevent similar attacks in the future and to protect critical infrastructure from both opportunistic and more advanced threat actors.
Mar 21, 2026
Hackers Tamper with Canadian Critical Infrastructure Control Systems
Hackers have remotely tampered with operational settings in multiple Canadian critical infrastructure organizations, including a provincial water utility, an oil and gas company, and a grain drying silo. The Canadian Centre for Cyber Security issued an alert warning that attackers manipulated pressure valves at a water utility, degrading services, and triggered false alerts at an oil and gas company by altering automated tank gauges. In another incident, temperature and humidity controls were changed at a grain silo, creating potential safety risks. These attacks highlight the vulnerability of small, budget-constrained utilities to cyber threats targeting industrial control systems. The incidents underscore a growing trend of cyberattacks against critical infrastructure, with attackers exploiting remote access to manipulate physical processes and disrupt essential services. The advisory emphasizes the need for improved cybersecurity measures in the sector, as many organizations lack the resources and preparedness to defend against sophisticated threats. No specific attribution has been made public, but the attacks have raised concerns about the safety and reliability of essential services in Canada.
Mar 21, 2026
Chinese State-Linked Cyber Intrusions Targeting US Water Utilities
Hackers associated with China have gained unauthorized access to the IT networks of hundreds of small and medium-sized water utilities and other critical infrastructure providers across the United States. These intrusions are believed to be part of a broader strategy to position Chinese actors to sabotage American water and power supplies in the event of a geopolitical conflict, particularly if tensions escalate over Taiwan. U.S. officials have been aware of this threat for over two years, and recent reporting has brought renewed attention to the scale and persistence of these cyber operations. The targeted utilities are often located in rural areas and small towns, which typically lack the cybersecurity resources and expertise of larger metropolitan systems. The operational technology (OT) systems that control water treatment and distribution are especially vulnerable due to their increasing automation and remote accessibility. The risk is compounded by a significant resource gap, as many of these utilities struggle to defend against sophisticated nation-state threats. Efforts to bolster defenses have included the launch of two non-profit initiatives aimed at supporting critical infrastructure operators, but these programs face their own limitations. One of the non-profits has paused its activities to recalibrate its approach, while the other is only able to provide assistance in a limited number of states due to resource constraints. The threat underscores the broader challenge of protecting critical infrastructure in the United States, where many essential services are managed by small organizations with limited budgets. The potential for cyber sabotage of water and power systems raises concerns about the resilience of civilian infrastructure in the face of international conflict. U.S. government agencies have issued warnings and guidance to utilities, but implementation of robust security measures remains inconsistent. The situation highlights the need for increased investment in cybersecurity for critical infrastructure, particularly in rural and underserved areas. The ongoing threat from Chinese-linked hackers demonstrates the strategic importance of water and power utilities as potential targets in modern cyber warfare. The exposure of these vulnerabilities has prompted calls for greater public-private collaboration and federal support. The risk is not limited to water utilities, as other sectors of critical infrastructure may face similar threats from state-sponsored actors. The revelations serve as a wake-up call for the urgent need to address cybersecurity gaps in essential services. The possibility of coordinated attacks on infrastructure during a geopolitical crisis could have far-reaching consequences for national security and public safety. The current state of preparedness among small utilities is insufficient to counter the scale and sophistication of the threat. The situation remains dynamic, with ongoing efforts to assess and mitigate the risks posed by foreign cyber actors.
Mar 21, 2026