Arab Press

بالشعب و للشعب
Saturday, May 31, 2025

Cybercriminals are selling access to water treatment plants like the one hacked in Florida — here's why experts think the problem could get worse

Cybercriminals are selling access to water treatment plants like the one hacked in Florida — here's why experts think the problem could get worse

Experts expect that "we'll see more news of attack scenarios and how those attacks can be monetized" because of ongoing security vulnerabilities.
Cybercriminals in underground forums have offered to sell access to hacked systems that control US power plants and water treatment systems, according to a new report from the threat intelligence firm Intel 471. Hackers likely took advantage of common security vulnerabilities in these systems, experts say — and they fear that such attacks could become more common as bad actors find ways to monetize the hacks.

The systems that cybercriminals offered access to bore a striking resemblance to the Oldsmar, Florida water treatment plant that was compromised by a hacker last week. Law enforcement officials said an unknown intruder gained access to software used by plant managers to remotely control its systems and attempted to raise the amount of sodium hydroxide — also known as lye — in the drinking water to dangerous levels.

Intel 471 researchers were careful to note that they don't have hard evidence proving that the cybercriminals offering access to hacked industrial systems are the same ones who hacked the Oldsmar plant. But their findings illustrate broader cyber vulnerabilities in US systems that control infrastructure. For years, experts have sounded alarm bells about potential issues with these so-called Supervisory Control and Data Acquisition systems (or SCADA systems), which monitor and control machines in the field.

"Attacks on SCADA systems are not new," an Intel 471 spokesperson said in response to emailed questions from Insider following the report. "It is often easy for non-sophisticated threat actors to identify internet-facing SCADA systems and gain access with very little effort."

In one instance logged by Intel 471, a cybercriminal in a Telegram channel popular with hackers offered in May 2020 to sell access to a "Groundwater Recovery & Treatment System" located in Florida. The hacker claimed to have broken into software used by administrators to remotely control the system, and included a screenshot that showed levels of sodium hydroxide in the water.

The person who posted the screenshots in the Telegram channel was likely an Iranian actor, Intel 471 researchers said. The Telegram channel in question was also tied to a 2020 hack of an Israeli water reservoir. There's no evidence to suggest that this person was motivated by anything other than monetary gain and notoriety, the spokesperson said.

The researchers' findings illustrate broader weaknesses in the cyber defenses of US critical infrastructure. Many industrial control systems can be easily located using online directories like Shodan, which logs internet-connected devices. From there, experts say even low-level hackers can scour out stolen or default login credentials to try to break into the software that controls the systems.

"SCADA systems are notorious for using weak default admin credentials, non-standard ports, and other technical identifiers," the spokesperson told Insider.

Too much critical infrastructure is connected to the public internet with lax security protections, in part because of egregiously low cybersecurity budgets.

Industrial systems are a growing target for profit-driven hackers across the board. In the past year, researchers have tracked cybercriminals probing computers connected to critical infrastructure and reselling access to those computers to more sophisticated hacking groups, according to the security firm Kaspersky.

"We believe the malicious actors have had, for quite a while, access to not only industrial organizations but also lots of information on their technological processes," Evgeny Goncharov, Kaspersky's head of Industrial Control Systems Cyber Emergency Response Team, said in a webinar Thursday. "Probably in the near future we'll see more news of attack scenarios and how those attacks can be monetized."

The FBI published a joint advisory with the Cybersecurity and Infrastructure Security Agency on Thursday advising critical infrastructure agencies to install the latest version of Windows and urging them to be on the lookout for suspicious logins to their remote access software.
Newsletter

Related Articles

Arab Press
0:00
0:00
Close
Meta and Anduril Collaborate on AI-Driven Military Augmented Reality Systems
EU Central Bank Pushes to Replace US Dollar with Euro as World’s Main Currency
European and Arab Ministers Convene in Madrid to Address Gaza Conflict
Head of Gaza Aid Group Resigns Amid Humanitarian Concerns
U.S. Health Secretary Ends Select COVID-19 Vaccine Recommendations
Trump Warns Putin Is 'Playing with Fire' Amid Escalating Ukraine Conflict
India and Pakistan Engage Trump-Linked Lobbyists to Influence U.S. Policy
U.S. Halts New Student Visa Interviews Amid Enhanced Security Measures
Trump Administration Cancels $100 Million in Federal Contracts with Harvard
SpaceX Starship Test Flight Ends in Failure, Mars Mission Timeline Uncertain
King Charles Affirms Canadian Sovereignty Amid U.S. Statehood Pressure
Iranian Revolutionary Guard Founder Warns Against Trusting Regime in Nuclear Talks
Netanyahu Accuses Starmer of Siding with Hamas
Calls Grow to Resume Syrian Asylum Claims in UK
UAE Offers Free ChatGPT Plus Subscriptions to Citizens
Denmark Increases Retirement Age to 70, Setting a European Precedent
Iranian Director Jafar Panahi Wins Palme d'Or at Cannes
Israeli Airstrike Kills Nine Children of Gaza Doctor
Lebanon Initiates Plan to Disarm Palestinian Factions
Iran and U.S. Make Limited Progress in Nuclear Talks
Trump Administration's Tariff Policies and Dollar Strategy Spark Global Economic Debate
OpenAI Acquires Jony Ive’s Startup for $6.5 Billion to Build a Revolutionary “Third Core Device”
Turkey Weighs Citizens in Public as Erdoğan Launches National Slimming Campaign
UK Suspends Trade Talks with Israel Amid Gaza Offensive
Iran and U.S. Set for Fifth Round of Nuclear Talks Amid Rising Tensions
Russia Expands Military Presence Near Finland Amid Rising Tensions
Indian Scholar Arrested in Crackdown Over Pakistan Conflict Commentary
Israel Eases Gaza Blockade Amid Internal Dispute Over Military Strategy
President Biden’s announcement of advanced prostate cancer sparked public sympathy—but behind closed doors, Democrats are in panic
Mount Lewotobi Laki-Laki Erupts Again, Spewing Ash Cloud over Flores Island
Indian jet shootdown: the all-robot legion behind China’s PL-15E missiles
The Chinese Dragon: The True Winner in the India-Pakistan Clash
Australia's Venomous Creatures Contribute to Life-Saving Antivenom Programme
The Spanish Were Right: Long Working Hours Harm Brain Function
Did Former FBI Director Call for Violence Against Trump? Instagram Post Sparks Uproar
US and UAE Partner to Develop Massive AI Data Center Complex
Apple's $95 Million Siri Settlement: Eligible Users Have Until July 2 to File Claims
US and UAE Reach Preliminary Agreement on Nvidia AI Chip Imports
President Trump and Elon Musk Welcomed by Emir of Qatar Sheikh Tamim with Cybertruck Convoy
Strong Warning Issued: Do Not Use General Chatbots for Medical, Legal, or Educational Guidance
NVIDIA and Saudi Arabia Launch Strategic Partnership to Establish AI Centers
Trump Meets Syrian President Ahmad al-Shara in Historic Encounter
US and Saudi Arabia Sign Landmark Agreements Across Multiple Sectors
Why Saudi Arabia Rolled Out a Purple Carpet for Donald Trump Instead of Red
Elon Musk Joins Trump Meeting in Saudi Arabia
Trump says it would be 'stupid' not to accept gift of Qatari plane
Quantum Computing Threatens Bitcoin Security
Michael Jordan to Serve as Analyst for NBA Games
Senate Democrats Move to Censure Trump Over Qatar Jet Gift
Hamas Releases Last Living US Hostage from Gaza Amid Ongoing Conflict
×