Largest US Water Provider Shuts Down Over Hack

The Wall Street Journal is reporting (paywall) that American Water, the largest water utility provider in the US, has shut down a significant portion of its operations due to a security breach. It’s unclear whether the attack was a ransomware attack or intended to do even more harm.

The group behind the attack is believed to be Salt Typhoon, a Chinese group with links to the Chinese government that has carried out recent attacks against American telecom firms like Verizon and AT&T, specifically going after US Federal Government wiretapping infrastructure located within those environments.

According to American Water, the systems most affected seem to be billing and front-end systems, which potentially means that customer data was exfiltrated, although that remains to be seen. American Water’s CnC (command and control) systems appear so far not to have been impacted by the attack. Operations have continued without interruption, but American Water did announce a temporary moratorium on billing and associated activities while they sort the mess out.

While, at face value, the attack is relatively standard in terms of its apparent aims and methods, it does represent an ever-increasing trend of targeting infrastructure and utilities within the US, likely in advance of even bigger objectives.

admin

2 Comments

  1. This situation highlights the vulnerability of critical systems in the face of cyber threats. It’s concerning that customer data may have been compromised, raising questions about security measures. The fact that operations continue uninterrupted is a small relief, but the moratorium on billing indicates significant disruption. How prepared are other utilities to handle similar attacks in the future?

  2. It seems American Water’s billing systems were compromised, possibly leading to data exfiltration, though this is yet to be confirmed. Fortunately, their command and control systems remain unaffected, allowing operations to continue uninterrupted. The temporary halt in billing activities suggests the company is prioritizing security over immediate revenue collection. Such attacks on critical infrastructure highlight the growing threats to utilities in the U.S. What measures can be taken to prevent future attacks on essential services like water systems?
