London Daily

Focus on the big picture.
Friday, Aug 08, 2025

Cybercriminals are selling access to water treatment plants like the one hacked in Florida — here's why experts think the problem could get worse

Cybercriminals are selling access to water treatment plants like the one hacked in Florida — here's why experts think the problem could get worse

Experts expect that "we'll see more news of attack scenarios and how those attacks can be monetized" because of ongoing security vulnerabilities.
Cybercriminals in underground forums have offered to sell access to hacked systems that control US power plants and water treatment systems, according to a new report from the threat intelligence firm Intel 471. Hackers likely took advantage of common security vulnerabilities in these systems, experts say — and they fear that such attacks could become more common as bad actors find ways to monetize the hacks.

The systems that cybercriminals offered access to bore a striking resemblance to the Oldsmar, Florida water treatment plant that was compromised by a hacker last week. Law enforcement officials said an unknown intruder gained access to software used by plant managers to remotely control its systems and attempted to raise the amount of sodium hydroxide — also known as lye — in the drinking water to dangerous levels.

Intel 471 researchers were careful to note that they don't have hard evidence proving that the cybercriminals offering access to hacked industrial systems are the same ones who hacked the Oldsmar plant. But their findings illustrate broader cyber vulnerabilities in US systems that control infrastructure. For years, experts have sounded alarm bells about potential issues with these so-called Supervisory Control and Data Acquisition systems (or SCADA systems), which monitor and control machines in the field.

"Attacks on SCADA systems are not new," an Intel 471 spokesperson said in response to emailed questions from Insider following the report. "It is often easy for non-sophisticated threat actors to identify internet-facing SCADA systems and gain access with very little effort."

In one instance logged by Intel 471, a cybercriminal in a Telegram channel popular with hackers offered in May 2020 to sell access to a "Groundwater Recovery & Treatment System" located in Florida. The hacker claimed to have broken into software used by administrators to remotely control the system, and included a screenshot that showed levels of sodium hydroxide in the water.

The person who posted the screenshots in the Telegram channel was likely an Iranian actor, Intel 471 researchers said. The Telegram channel in question was also tied to a 2020 hack of an Israeli water reservoir. There's no evidence to suggest that this person was motivated by anything other than monetary gain and notoriety, the spokesperson said.

The researchers' findings illustrate broader weaknesses in the cyber defenses of US critical infrastructure. Many industrial control systems can be easily located using online directories like Shodan, which logs internet-connected devices. From there, experts say even low-level hackers can scour out stolen or default login credentials to try to break into the software that controls the systems.

"SCADA systems are notorious for using weak default admin credentials, non-standard ports, and other technical identifiers," the spokesperson told Insider.

Too much critical infrastructure is connected to the public internet with lax security protections, in part because of egregiously low cybersecurity budgets.

Industrial systems are a growing target for profit-driven hackers across the board. In the past year, researchers have tracked cybercriminals probing computers connected to critical infrastructure and reselling access to those computers to more sophisticated hacking groups, according to the security firm Kaspersky.

"We believe the malicious actors have had, for quite a while, access to not only industrial organizations but also lots of information on their technological processes," Evgeny Goncharov, Kaspersky's head of Industrial Control Systems Cyber Emergency Response Team, said in a webinar Thursday. "Probably in the near future we'll see more news of attack scenarios and how those attacks can be monetized."

The FBI published a joint advisory with the Cybersecurity and Infrastructure Security Agency on Thursday advising critical infrastructure agencies to install the latest version of Windows and urging them to be on the lookout for suspicious logins to their remote access software.
Newsletter

Related Articles

0:00
0:00
Close
British Labour Government Utilizes Counter-Terrorism Tools for Social Media Monitoring Against Legitimate Critics
OpenAI Launches GPT‑5, Its Most Advanced AI Model Yet
Embarrassment in Britain: Homelessness Minister Evicted Tenants and Forced to Resign
President Trump nominated Stephen Miran, his top economic adviser and a critic of the Federal Reserve, to temporarily fill an open Fed seat
The AI-Powered Education Revolution: Market Potential and Transformative Impact
Chikungunya Virus Outbreak in Southern China: Over 7,000 Hospitalized
French wine makers have seen catastrophic damage to vines that were almost ready to be harvested after the worst fires in more than 70 years burned through the south of the country
US Lawmaker Probes Intel CEO’s China Ties Amid National Security Concerns
Brazilian President Lula says he’ll contact the leaders of BRICS states to propose a unified response to U.S. tariffs
Trump Open to Meeting Putin as Soon as Next Week, with Possible Trilateral Summit Including Zelenskiy
Katy Perry and Justin Trudeau spark dating rumors, joining high stakes world of celeb-politician romances
US envoy Steve Witkoff arrived in Moscow to seek a breakthrough in the Ukraine war ahead of President Trump’s peace deadline
WhatsApp Deletes 6.8 Million Scam Accounts Amid Rising Global Fraud
Nine people have been hospitalized and dozens of salmonella cases have been reported after an outbreak of infections linked to certain brands of pistachios and pistachio-containing products, according to the Public Health Agency of Canada
Karol Nawrocki Inaugurated as Poland’s President, Setting Stage for Clash with Tusk Government
Trump Signals JD Vance as ‘Most Likely’ MAGA Successor for 2028
US Charges Two Chinese Nationals for Illegal Nvidia AI Chip Exports
Texas Residents Face Water Restrictions While AI Data Centers Consume Millions of Gallons
U.S. Tariff Policy Triggers Market Volatility Amid Growing Global Trade Tensions
Tariffs, AI, and the Shifting U.S. Macro Landscape: Navigating a New Economic Regime
Representative Greene Urges H-1B Visa Cuts Amid U.S.-India Trade Tensions
U.S. House Committee Subpoenas Clintons and Senior Officials in Epstein Investigation
Sydney Sweeney Registered as Republican as Controversial American Eagle Ad Sparks Debate
Trump Accuses Major Banks of Politically Motivated Account Denials and Prepares Executive Order
TikTok Removes Huda Kattan Video Over Anti-Israel Conspiracy Claims
Trump Threatens Tariffs on India Over Russian Oil Imports
German Finance Minister Criticizes Trump’s Attacks on Institutions
U.S. Proposes Visa Bond of Up to $15,000 for Some Applicants
U.S. Farmers Increase Lobbying Amid Immigration Crackdown
Elon Musk Receives $23.7 Billion Tesla Stock Award
Texas House Paralyzed After Democrats Walk Out Over Redistricting
Mexican Cartels Complicate Sheinbaum’s U.S. Security Talks
Mark Zuckerberg Declares War on the iPhone
India Rejects U.S. Tariff Threat, Defends Russian Oil Purchases
United States Establishes Strategic Bitcoin Reserve and Digital Asset Stockpile
Thousands of Private ChatGPT Conversations Accidentally Indexed by Google
China Tightens Mineral Controls, Curtailing Critical Inputs for Western Defence Contractors
OpenAI’s Bold Bet: Teaching AI to Think, Not Just Chat
Tesla Seeks Shareholder Approval for $29 Billion Compensation Package for Elon Musk
Nvidia is cutting prices on its RTX 50-series graphics cards after sales slowed and inventories piled up
Ghislaine Maxwell Transferred to Minimum-Security Prison Amid Ongoing DOJ Discussions
U.S. Tariffs Surge to Highest Levels in Nearly a Century Under Second Trump Term
Matt Taibbi Slams Media for Role in Russiagate Narrative
Pilots Call for Mental Health Support Without Stigma
All Five Trapped Miners Found Dead After El Teniente Mine Collapse
Ong Beng Seng Pleads Guilty in Corruption Case Linked to Former Singapore Transport Minister
BP’s Largest Oil and Gas Find in 25 Years Uncovered Offshore Brazil
Italy Fines Shein One Million Euros for Misleading Sustainability Claims
JPMorgan and Coinbase Unveil Partnership to Let Chase Cardholders Buy Crypto Directly
Declassified Annex Links Soros‑Affiliated Officials and Clinton Campaign to ‘Russiagate’ Narrative
×