London Daily

Focus on the big picture.
Friday, Jun 20, 2025

Cybercriminals are selling access to water treatment plants like the one hacked in Florida — here's why experts think the problem could get worse

Cybercriminals are selling access to water treatment plants like the one hacked in Florida — here's why experts think the problem could get worse

Experts expect that "we'll see more news of attack scenarios and how those attacks can be monetized" because of ongoing security vulnerabilities.
Cybercriminals in underground forums have offered to sell access to hacked systems that control US power plants and water treatment systems, according to a new report from the threat intelligence firm Intel 471. Hackers likely took advantage of common security vulnerabilities in these systems, experts say — and they fear that such attacks could become more common as bad actors find ways to monetize the hacks.

The systems that cybercriminals offered access to bore a striking resemblance to the Oldsmar, Florida water treatment plant that was compromised by a hacker last week. Law enforcement officials said an unknown intruder gained access to software used by plant managers to remotely control its systems and attempted to raise the amount of sodium hydroxide — also known as lye — in the drinking water to dangerous levels.

Intel 471 researchers were careful to note that they don't have hard evidence proving that the cybercriminals offering access to hacked industrial systems are the same ones who hacked the Oldsmar plant. But their findings illustrate broader cyber vulnerabilities in US systems that control infrastructure. For years, experts have sounded alarm bells about potential issues with these so-called Supervisory Control and Data Acquisition systems (or SCADA systems), which monitor and control machines in the field.

"Attacks on SCADA systems are not new," an Intel 471 spokesperson said in response to emailed questions from Insider following the report. "It is often easy for non-sophisticated threat actors to identify internet-facing SCADA systems and gain access with very little effort."

In one instance logged by Intel 471, a cybercriminal in a Telegram channel popular with hackers offered in May 2020 to sell access to a "Groundwater Recovery & Treatment System" located in Florida. The hacker claimed to have broken into software used by administrators to remotely control the system, and included a screenshot that showed levels of sodium hydroxide in the water.

The person who posted the screenshots in the Telegram channel was likely an Iranian actor, Intel 471 researchers said. The Telegram channel in question was also tied to a 2020 hack of an Israeli water reservoir. There's no evidence to suggest that this person was motivated by anything other than monetary gain and notoriety, the spokesperson said.

The researchers' findings illustrate broader weaknesses in the cyber defenses of US critical infrastructure. Many industrial control systems can be easily located using online directories like Shodan, which logs internet-connected devices. From there, experts say even low-level hackers can scour out stolen or default login credentials to try to break into the software that controls the systems.

"SCADA systems are notorious for using weak default admin credentials, non-standard ports, and other technical identifiers," the spokesperson told Insider.

Too much critical infrastructure is connected to the public internet with lax security protections, in part because of egregiously low cybersecurity budgets.

Industrial systems are a growing target for profit-driven hackers across the board. In the past year, researchers have tracked cybercriminals probing computers connected to critical infrastructure and reselling access to those computers to more sophisticated hacking groups, according to the security firm Kaspersky.

"We believe the malicious actors have had, for quite a while, access to not only industrial organizations but also lots of information on their technological processes," Evgeny Goncharov, Kaspersky's head of Industrial Control Systems Cyber Emergency Response Team, said in a webinar Thursday. "Probably in the near future we'll see more news of attack scenarios and how those attacks can be monetized."

The FBI published a joint advisory with the Cybersecurity and Infrastructure Security Agency on Thursday advising critical infrastructure agencies to install the latest version of Windows and urging them to be on the lookout for suspicious logins to their remote access software.
Newsletter

Related Articles

0:00
0:00
Close
16 Billion Login Credentials Leaked in Unprecedented Cybersecurity Breach
Senate hearing on who was 'really running' Biden White House kicks off
Iranian Military Officers Reportedly Seek Contact with Reza Pahlavi, Signal Intent to Defect
FBI and Senate Investigate Allegations of Chinese Plot to Influence the 2020 Election in Biden’s Favor Using Fake U.S. Driver’s Licenses
Vietnam Emerges as Luxury Yacht Destination for Ultra‑Rich
Plans to Sell Dutch Embassy in Bangkok Face Local Opposition
China's Iranian Oil Imports Face Disruption Amid Escalating Middle East Tensions
Trump's $5 Million 'Trump Card' Visa Program Draws Nearly 70,000 Applicants
DGCA Finds No Major Safety Concerns in Air India's Boeing 787 Fleet
Airlines Reroute Flights Amid Expanding Middle East Conflict Zones
Elon Musk's xAI Seeks $9.3 Billion in Funding Amid AI Expansion
Trump Demands Iran's Unconditional Surrender Amid Escalating Conflict
Israeli Airstrike Targets Iranian State TV in Central Tehran
President Trump is leaving the G7 summit early and has ordered the National Security Council to the Situation Room
Taiwan Imposes Export Ban on Chips to Huawei and SMIC
Israel has just announced plans to strike Tehran again, and in response, Trump has urged people to evacuate
Netanyahu Signals Potential Regime Change in Iran
Juncker Criticizes EU Inaction on Trump Tariffs
EU Proposes Ban on New Russian Gas Contracts
Analysts Warn Iran May Resort to Unconventional Warfare
Iranian Regime Faces Existential Threat Amid Conflict
Energy Infrastructure Becomes War Zone in Middle East
UK Home Secretary Apologizes Over Child Grooming Failures
Trump Organization Launches 5G Mobile Network and Golden Handset
Towcester Hosts 2025 English Greyhound Derby Amid Industry Scrutiny
Gary Oldman and David Beckham Knighted in King's Birthday Honours
Over 30,000 Lightning Strikes Recorded Across UK During Overnight Storms
Princess of Wales Returns to Public Duties at Trooping the Colour
Red Arrows Use Sustainable Fuel in Historic Trooping the Colour Flypast
Former Welsh First Minister Addresses Unionist Concerns Over Irish Language
Iran Signals Openness to Nuclear Negotiations Amid Ongoing Regional Tensions
France Bars Israeli Arms Companies from Paris Defense Expo
King Charles Leads Tribute to Air India Crash Victims at Trooping the Colour
Jack Pitchford Embarks on 200-Mile Walk to Support Stem Cell Charity
Surrey Hikers Take on Challenge of Climbing 11 Peaks in a Single Day
UK Deploys RAF Jets to Middle East Amid Israel-Iran Tensions
Two Skydivers Die in 'Tragic Accident' at Devon Airfield
Sainsbury's and Morrisons Accused of Displaying Prohibited Tobacco Ads
UK Launches National Inquiry into Grooming Gangs
Families Seek Closure After Air India Crash
Gold Emerges as Global Safe Haven Amid Uncertainty
Trump Reports $57 Million Earnings from Crypto Venture
Trump's Military Parade Sparks Concerns Over Authoritarianism
Nationwide 'No Kings' Protests Challenge Trump's Leadership
UK Deploys Jets to Middle East Amid Rising Tensions
Trump's Anti-War Stance Tested Amid Israel-Iran Conflict
Germany Holds First Veterans Celebration Since WWII
U.S. Health Secretary Dismisses CDC Vaccine Advisory Committee
Minnesota Lawmaker Melissa Hortman and Husband Killed in Targeted Attack; Senator John Hoffman and Wife Injured
Exiled Iranian Prince Reza Pahlavi Urges Overthrow of Khamenei Regime
×