London Daily

Focus on the big picture.
Wednesday, Jul 15, 2026

Cybercriminals are selling access to water treatment plants like the one hacked in Florida — here's why experts think the problem could get worse

Cybercriminals are selling access to water treatment plants like the one hacked in Florida — here's why experts think the problem could get worse

Experts expect that "we'll see more news of attack scenarios and how those attacks can be monetized" because of ongoing security vulnerabilities.
Cybercriminals in underground forums have offered to sell access to hacked systems that control US power plants and water treatment systems, according to a new report from the threat intelligence firm Intel 471. Hackers likely took advantage of common security vulnerabilities in these systems, experts say — and they fear that such attacks could become more common as bad actors find ways to monetize the hacks.

The systems that cybercriminals offered access to bore a striking resemblance to the Oldsmar, Florida water treatment plant that was compromised by a hacker last week. Law enforcement officials said an unknown intruder gained access to software used by plant managers to remotely control its systems and attempted to raise the amount of sodium hydroxide — also known as lye — in the drinking water to dangerous levels.

Intel 471 researchers were careful to note that they don't have hard evidence proving that the cybercriminals offering access to hacked industrial systems are the same ones who hacked the Oldsmar plant. But their findings illustrate broader cyber vulnerabilities in US systems that control infrastructure. For years, experts have sounded alarm bells about potential issues with these so-called Supervisory Control and Data Acquisition systems (or SCADA systems), which monitor and control machines in the field.

"Attacks on SCADA systems are not new," an Intel 471 spokesperson said in response to emailed questions from Insider following the report. "It is often easy for non-sophisticated threat actors to identify internet-facing SCADA systems and gain access with very little effort."

In one instance logged by Intel 471, a cybercriminal in a Telegram channel popular with hackers offered in May 2020 to sell access to a "Groundwater Recovery & Treatment System" located in Florida. The hacker claimed to have broken into software used by administrators to remotely control the system, and included a screenshot that showed levels of sodium hydroxide in the water.

The person who posted the screenshots in the Telegram channel was likely an Iranian actor, Intel 471 researchers said. The Telegram channel in question was also tied to a 2020 hack of an Israeli water reservoir. There's no evidence to suggest that this person was motivated by anything other than monetary gain and notoriety, the spokesperson said.

The researchers' findings illustrate broader weaknesses in the cyber defenses of US critical infrastructure. Many industrial control systems can be easily located using online directories like Shodan, which logs internet-connected devices. From there, experts say even low-level hackers can scour out stolen or default login credentials to try to break into the software that controls the systems.

"SCADA systems are notorious for using weak default admin credentials, non-standard ports, and other technical identifiers," the spokesperson told Insider.

Too much critical infrastructure is connected to the public internet with lax security protections, in part because of egregiously low cybersecurity budgets.

Industrial systems are a growing target for profit-driven hackers across the board. In the past year, researchers have tracked cybercriminals probing computers connected to critical infrastructure and reselling access to those computers to more sophisticated hacking groups, according to the security firm Kaspersky.

"We believe the malicious actors have had, for quite a while, access to not only industrial organizations but also lots of information on their technological processes," Evgeny Goncharov, Kaspersky's head of Industrial Control Systems Cyber Emergency Response Team, said in a webinar Thursday. "Probably in the near future we'll see more news of attack scenarios and how those attacks can be monetized."

The FBI published a joint advisory with the Cybersecurity and Infrastructure Security Agency on Thursday advising critical infrastructure agencies to install the latest version of Windows and urging them to be on the lookout for suspicious logins to their remote access software.
Newsletter

Related Articles

0:00
0:00
Close
Forget Tinder: The Surprising Platform Where People Find Love
Spain in Ecstasy: "We Feel Unbeatable, We Taught the Whole World a Lesson"
UK Government Faces Growing Debate Over Local Control of Immigration Enforcement
UK Biodiversity Forum Highlights Business Need to Protect Natural Environment
UK Parliament to Consider Workplace Temperature Limits Amid Climate Concerns
UK Parliament Considers Independent Immigration Appeals Authority Proposal
BBC Charter Renewal Scrutiny Intensifies as Parliament Reviews Broadcaster’s Future
Parliament Reviews Future of UK Maternity and Neonatal Care Services
UK-India Trade Accelerator Launched to Help Smaller Firms Expand Into Indian Market
UK Business Leaders Meet in Edinburgh to Address Economic Risks From Biodiversity Loss
UK Parliament Prepares for Sir Keir Starmer’s Final Prime Minister’s Questions Before Leadership Transition
Green Party-Led Lewisham Council Moves Against Cooperation With Home Office Immigration Raids
UK Government Faces Parliamentary Pressure Over Capita Contracts in Shared Services Programme
UK Economy Expected to See Modest Growth as OECD Highlights Fiscal and Global Risks
Public Accounts Committee Warns UK Government’s Four Point Three Billion Pound Shared Services Plan Risks Failure
EU and UK Sign Agreement Removing Gibraltar Border Controls After Years of Post-Brexit Uncertainty
OECD Warns UK Must Maintain Fiscal Discipline as Andy Burnham Prepares to Become Prime Minister
UK-India Free Trade Agreement Enters Into Force as Businesses Seek New Growth Opportunities
Harvard Astrophysicist to Lead U.S. Scientific Advisory on Unidentified Aerial Phenomena
On the Island That Did Not Yield to Trump, There Is No Electricity, and 10 Million Live in Darkness
Emergency Sirens Activated Across Bahrain as Interior Ministry Issues Shelter Directives
Key Trends to Watch
United Nations Expert Calls for Full Implementation of Supreme Court Ruling on Legal Definition of Sex
Industry Coalition Urges Labour Lawmakers to Back Continued North Sea Oil and Gas Production
Parliamentary Committee Calls for Tougher Restrictions on Unhealthy Food Advertising
Government Expands Awaab's Law to Cover Heat and Additional Housing Hazards
Energy Regulator Opens Independent Investigation Into National Grid Operator
United Kingdom and European Union Sign Landmark Gibraltar Border Agreement
Chancellor Unveils Financial Services Reform and Artificial Intelligence Strategy at Mansion House
Counterterrorism Police Take Over Investigation Into Killing of Former Minister Ann Widdecombe
Beer Industry Warns UK Rules Could Limit Growth of Alcohol-Free Market
Home Office Faces Legal Challenges Over Asylum Seeker Accommodation Closures
UK Heatwaves Linked to More Than Two Thousand Seven Hundred Deaths as Climate Debate Intensifies
Home Secretary Faces Pressure Over Political Security After Ann Widdecombe Murder Investigation
United Kingdom Opens Trade Consultation With Indonesia, Philippines, United Arab Emirates and Uruguay
Robert Jenrick Joins Reform UK After Leaving Conservative Party Leadership Role
Counter-Terrorism Police Take Over Investigation into Murder of Former MP Ann Widdecombe
Andy Burnham Secures Strong Labour Backing in Race to Succeed Keir Starmer
Global Markets Slide as Middle East Conflict Escalation Sends Oil Prices Higher
UK Prime Minister Keir Starmer Offers Condolences Following Death of Qatar’s Father Amir
UK Regional Innovation Policy Focuses on Research Clusters Across Scotland, Wales, and Northern England
UK Corporate Transparency Rules Set to Become More Strict Under Modern Slavery Reform Plans
UK Civil Service Estate Strategy Shifts Government Activity Away From London
UK Strengthens National Security Powers Through New Threat Designations
Greater Manchester Police Conduct Drink and Drug Driving Operations After Football Events
UK Government Advances Darlington Economic Campus With Construction Milestone
UK Authorities Increase Football-Related Security Operations After Tournament Fixtures
UK Invests Fifty-One Million Pounds in National Cryogenics Facility and Regional Innovation Hubs
UK Moves Toward Tougher Modern Slavery Reporting Rules With Corporate Penalties
UK Government Reports Forty-Three Million Pounds in Savings From Office Estate Reform
×