Russia-linked hacking group claims to have targeted Indiana water plant

Hackers targeted a wastewater treatment plant in Indiana on Friday evening, prompting plant managers to send maintenance personnel to investigate the suspicious activity, a local official told CNN.

A Russia-linked hacking group claimed responsibility. The same group claimed credit for a string of hacking incidents against water facilities in Texas earlier this year.

“We were targeted and we have not been compromised,” Jim Ankrum, general manager of Tipton Municipal Utilities, told CNN. TMU provides electricity, water and wastewater treatment for Tipton, a town of 5,000 people that is about 40 miles north of Indianapolis.

“TMU experienced minimal disruption and remained operational at all times,” Ankrum said.

Ankrum said federal authorities were investigating the incident. He referred further questions to the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency. A CISA spokesperson did not immediately respond to a request for comment Monday.

On Saturday, Russian-speaking hackers posted a video to social media claiming credit for a cyberattack on a TMU wastewater treatment plant. Ankrum told CNN he had not watched the video but emphasized that the plant continued to operate throughout the cyberattack.

It’s the latest apparent effort by a group of Russian-speaking hackers to target water facilities in small American towns. A cyberattack in January claimed by the group caused a tank at a water facility in Muleshoe, Texas, to overflow.

US officials have been warning that the country’s water systems need to shore up their defenses in the face of persistent threats from state and criminal actors.

Cyberattacks are hitting water and wastewater systems “throughout the United States” and water facilities must improve their defenses against the threat, US national security adviser Jake Sullivan said in a letter last month to state officials.

The US cybersecurity firm Mandiant last week publicly linked the channel on the social media platform Telegram where hackers claimed responsibility for the Muleshoe and TMU attacks with previous hacking activity carried out by a notorious unit of Russia’s GRU military intelligence agency. It’s unclear, however, whether other Russian-speaking hackers or the GRU itself is behind individual attacks claimed on the Telegram channel, according to Mandiant.

In the string of water-sector hacks, the Russian-speaking attackers appear to have opportunistically targeted industrial equipment that in, at least some cases, was accessible online.

The video posted by the Russian-speaking hackers purported to show them manipulating software that handles equipment that aerates and move fluids at the Tipton wastewater treatment plant, according to Ron Fabela, an industrial cybersecurity expert.

“While the video is sensational, the actions taken by the threat actor are amateur and would amount to a minor annoyance for plant operators,” Fabela, who is CEO of Infinity Squared Group, a consulting firm, told CNN.

For more CNN news and newsletters create an account at