On Tuesday, the United States government warned state governors about cyberattacks targeting water and sewage systems across the country, perpetrated by hackers associated with Iran and China.
In a letter published Tuesday, White House National Security Advisor Jake Sullivan and Environmental Protection Agency Administrator Michael Regan cautioned that significant cyberattacks have targeted water and wastewater systems nationwide.
Sullivan and Regan referenced a recent incident involving hackers allegedly working alongside Iran's Islamic Revolutionary Guards Corps (IRG), who successfully disabled a controller at a water facility in Pennsylvania. Additionally, they highlighted the actions of a Chinese hacking collective known as "Volt Typhoon," which they claimed had breached the information technology of several critical infrastructure systems, including those related to drinking water, across the U.S. and its territories.
"None of this is new, nor is it shocking," said Brandon Valeriano, author and distinguished senior fellow at the Marine Corps University and senior advisor to the Cyberspace Solarium Commission 2.0.
"Cyber vulnerabilities have long been used as a form of political warfare and signaling since they have limited utility during combat operations. Members of the Cyberspace Solarium Commission (of which I was part) have long sounded the alarm that water facilities are vulnerable, with little investment going to these under-resourced targets lacking basic cyber protections," he added.
"These attacks have the potential to disrupt the critical lifeline of clean and safe drinking water, as well as impose significant costs on affected communities," the Tuesday letter said.
"The U.S. States takes seriously its role in identifying, disrupting, and deterring malicious cyber activities – particularly those targeting our critical infrastructure," a State Department spokesperson told The Foreign Desk.
"All member states of the United Nations have affirmed 11 cyber norms, including the norm: 'A State should not conduct or knowingly support ICT activity contrary to its obligations under international law that intentionally damages critical infrastructure or otherwise impairs the use and operation of critical infrastructure to provide services to the public,'" the spokesperson added.
The letter from the NSC and the EPA comes as Robert Wells, the Director of the FBI's Counterterrorism Division, recently informed the House Committee on Homeland Security that Tehran is still planning attacks against former government officials in response to the death of IRGC-QF Commander Qassem Soleimani. Wells also warned that Tehran can carry out cyber-attacks and targeted assassinations within the U.S.
"Iran last year used the conflict in Gaza as cover for their activities to explore American critical infrastructure but have done no damage as of yet. It is important to understand our weak spots and this advisory has been a long time coming, hopefully it is not too late," Valeriano told The Foreign Desk.
"As governments that have affirmed the norms, Iran and the PRC should understand that there will be consequences if their cyber actors take actions contrary to the norms," the State Department told The Foreign Desk.
The State Department said it continues to "remain aware of ongoing Iranian interest in targeting US citizens, including current and former U.S. officials."
"As Secretary Blinken has made clear, the U.S. will never tolerate any attacks on U.S. citizens, here or abroad," a spokesperson said.
Wells stated that Iran can execute various forms of attacks on American targets. These could range from cyber operations aimed at disrupting public and private infrastructure to specific assassinations targeting individuals perceived as threats to the regime or its stability.
"In 2023, three members of an Eastern European criminal organization were charged for plotting the murder of a U.S. citizen, who has been targeted by the Government of Iran for speaking out against the regime's human rights abuses," Wells told lawmakers. "The victim was targeted for exercising the rights to which every American citizen is entitled. An attempted assassination on U.S. soil shows how far Iranian actors are willing to go to silence their critics," he added.
In addition to recent cyberattacks against the U.S., a hacking group affiliated with the Islamic Republic asserted that they had successfully infiltrated the computer network of a critical Israeli nuclear facility. The incident was announced by the hackers known as 'Anonymous' as a form of protest against the ongoing conflict in Gaza.
The hackers assert that they've obtained and released numerous documents from the Shimon Peres Negev Nuclear Research Center, including PDFs, emails, and PowerPoint presentations. The facility hosts a nuclear reactor associated with Israel's undisclosed atomic weapons program and has historically faced attacks from Hamas rockets. In a social media message, the group said they conducted the operation with utmost care to avoid harming civilians.
Although the released documents indicate that the hackers may have successfully infiltrated an IT network linked to the facility, there is currently no evidence to suggest that they have breached its operational technology (OT) network. Gil Messing, who serves as the chief of staff at Checkpoint, an Israeli cybersecurity company, informed Recorded Future News that his company knew of the Anonymous group, which emerged with its own X and Telegram accounts at the onset of the conflict between Israel and Hamas in Gaza.
Checkpoint has noticed hackers replicating attacks previously conducted by Iranian groups. According to Messing, these hackers could be the same groups functioning under various aliases.
"So far, some of these attacks were bogus, some genuine, so regarding this specific one, it's hard to say if it's genuine," Messing told Recorded Future News.
Following the October 7th Hamas massacre against Israel, the IRGC has increased its support for terrorist proxies in the region against Israeli and American forces. The Ayatollahs in Tehran have vowed to continue supporting Hamas against Israel and have called on all Muslim nations to rally behind the group as they face immediate destruction from Israel.
Related Story: U.S. Cyber Command Says Iranian Hacker Gained Access to Election Results Server in 2020
