London Daily

Focus on the big picture.
Thursday, Aug 28, 2025

Cybercriminals are selling access to water treatment plants like the one hacked in Florida — here's why experts think the problem could get worse

Cybercriminals are selling access to water treatment plants like the one hacked in Florida — here's why experts think the problem could get worse

Experts expect that "we'll see more news of attack scenarios and how those attacks can be monetized" because of ongoing security vulnerabilities.
Cybercriminals in underground forums have offered to sell access to hacked systems that control US power plants and water treatment systems, according to a new report from the threat intelligence firm Intel 471. Hackers likely took advantage of common security vulnerabilities in these systems, experts say — and they fear that such attacks could become more common as bad actors find ways to monetize the hacks.

The systems that cybercriminals offered access to bore a striking resemblance to the Oldsmar, Florida water treatment plant that was compromised by a hacker last week. Law enforcement officials said an unknown intruder gained access to software used by plant managers to remotely control its systems and attempted to raise the amount of sodium hydroxide — also known as lye — in the drinking water to dangerous levels.

Intel 471 researchers were careful to note that they don't have hard evidence proving that the cybercriminals offering access to hacked industrial systems are the same ones who hacked the Oldsmar plant. But their findings illustrate broader cyber vulnerabilities in US systems that control infrastructure. For years, experts have sounded alarm bells about potential issues with these so-called Supervisory Control and Data Acquisition systems (or SCADA systems), which monitor and control machines in the field.

"Attacks on SCADA systems are not new," an Intel 471 spokesperson said in response to emailed questions from Insider following the report. "It is often easy for non-sophisticated threat actors to identify internet-facing SCADA systems and gain access with very little effort."

In one instance logged by Intel 471, a cybercriminal in a Telegram channel popular with hackers offered in May 2020 to sell access to a "Groundwater Recovery & Treatment System" located in Florida. The hacker claimed to have broken into software used by administrators to remotely control the system, and included a screenshot that showed levels of sodium hydroxide in the water.

The person who posted the screenshots in the Telegram channel was likely an Iranian actor, Intel 471 researchers said. The Telegram channel in question was also tied to a 2020 hack of an Israeli water reservoir. There's no evidence to suggest that this person was motivated by anything other than monetary gain and notoriety, the spokesperson said.

The researchers' findings illustrate broader weaknesses in the cyber defenses of US critical infrastructure. Many industrial control systems can be easily located using online directories like Shodan, which logs internet-connected devices. From there, experts say even low-level hackers can scour out stolen or default login credentials to try to break into the software that controls the systems.

"SCADA systems are notorious for using weak default admin credentials, non-standard ports, and other technical identifiers," the spokesperson told Insider.

Too much critical infrastructure is connected to the public internet with lax security protections, in part because of egregiously low cybersecurity budgets.

Industrial systems are a growing target for profit-driven hackers across the board. In the past year, researchers have tracked cybercriminals probing computers connected to critical infrastructure and reselling access to those computers to more sophisticated hacking groups, according to the security firm Kaspersky.

"We believe the malicious actors have had, for quite a while, access to not only industrial organizations but also lots of information on their technological processes," Evgeny Goncharov, Kaspersky's head of Industrial Control Systems Cyber Emergency Response Team, said in a webinar Thursday. "Probably in the near future we'll see more news of attack scenarios and how those attacks can be monetized."

The FBI published a joint advisory with the Cybersecurity and Infrastructure Security Agency on Thursday advising critical infrastructure agencies to install the latest version of Windows and urging them to be on the lookout for suspicious logins to their remote access software.
Newsletter

Related Articles

0:00
0:00
Close
Bruce Willis Relocated Due to Advanced Dementia
French and Korean Nuclear Majors Clash As EU Launches Foreign Subsidy Probe
EU Stands Firm on Digital Rules as Trump Warns of Retaliation
Getting Ready for the 3rd Time in Its History, Germany Approves Voluntary Military Service for Teenagers
Argentine President Javier Milei Evacuated After Stones Thrown During Campaign Event
Denmark Confronts U.S. Diplomat Over Covert Trump-Linked Influence in Greenland
Starmer Should Back Away from ECHR, Says Jack Straw
Trump Demands RICO Charges Against George Soros and Son for Funding Violent Protests
Taylor Swift Announces Engagement to NFL Star Travis Kelce
France May Need IMF Bailout, Warns Finance Minister
Chinese AI Chipmaker Cambricon Posts Record Profit as Beijing Pushes Pivot from Nvidia
After the Shock of Defeat, Iranians Yearn for Change
Ukraine Finally Allows Young Men Aged Eighteen to Twenty-Two to Leave the Country
The Porn Remains, Privacy Disappears: How Britain Broke the Internet in Ten Days
YouTube Altered Content by Artificial Intelligence – Without Permission
Welcome to The Definition of Insanity: Germany Edition
Just a reminder, this is Michael Jackson's daughter, Paris.
Spotify’s Strange Move: The Feature Nobody Asked For – Returns
Manhunt in Australia: Armed Anti-Government Suspect Kills Police Officers Sent to Arrest Him
China Launches World’s Most Powerful Neutrino Detector
How Beijing-Linked Networks Shape Elections in New York City
Ukrainian Refugee Iryna Zarutska Fled War To US, Stabbed To Death
Elon Musk Sues Apple and OpenAI Over Alleged App Store Monopoly
2 Australian Police Shot Dead In Encounter In Rural Victoria State
Vietnam Evacuates Hundreds of Thousands as Typhoon Kajiki Strikes; China’s Sanya Shuts Down
UK Government Delays Decision on China’s Proposed London Embassy Amid Concerns Over Redacted Plans
A 150-Year Tradition to Be Abolished? Uproar Over the Popular Central Park Attraction
A new faith called Robotheism claims artificial intelligence isn’t just smart but actually God itself
Deputy Prime Minister Angela Rayner Purchases Third Property Amid Housing Tax Reforms Debate
HSBC Switzerland Ends Relationships with Over 1,000 Clients from Saudi Arabia, Lebanon, Qatar, and Egypt
Sharia Law Made Legally Binding in Austria Despite Warnings Over 'Incompatible' Values
Italian Facebook Group Sharing Intimate Images Without Consent Shut Down Amid Police Investigation
Dutch Foreign Minister Resigns Amid Deadlock Over Israel Sanctions
Trump and Allies Send Messages of Support to Ukraine on Independence Day Amid Ongoing Conflict
China Reels as Telegram Chat Group Shares Hidden-Camera Footage of Women and Children
Sam Nicoresti becomes first transgender comedian to win Edinburgh Comedy Award
Builders uncover historic human remains in Lancashire house renovation
Australia Wants to Tax Your Empty Bedrooms
MotoGP Cameraman Narrowly Avoids Pedro Acosta Crash at Hungarian Grand Prix
FBI Investigates John Bolton Over Classified Documents in High-Profile Raids
Report reveals OpenAI pitched national ChatGPT Plus subscription to UK ministers
Labour set to freeze income tax thresholds in long-term 'stealth' tax raid
Coca‑Cola explores sale of Costa coffee chain
Trial hears dog walker was chased and fatally stabbed by trio
Restaurateur resigns from government hospitality council over tax criticism
Spanish City funfair shut after serious ride injury
Suspected arson at Ilford restaurant leaves three in critical condition
Tottenham beat Manchester City to go top of Premier League
Bank holiday heatwave to hit 30°C before remnants of Hurricane Erin arrive
UK to deploy immigration advisers to West Africa to block fake visas
×