- TwoNet breached a fake Dutch water facility using default credentials
- The target was a pre-built honeypot designed to study attacker behavior
- Hackers are increasingly targeting critical infrastructure, often aiming for a ransom
A relatively young pro-Russian hacktivist group called TwoNet recently breached a Dutch water facility. They logged into the human-machine interface (HMI) using weak, default credentials and exploited a vulnerability to deface the site.
They then deleted the connected programmable logic controllers (PLCs) as data sources, which disabled real-time updates, and changed PLC setpoints through the HMI. Once done, they changed the system settings to disable logs and alarms. Having breached the critical infrastructure organization, they went to their Telegram channel to advertise their victory, gain some credibility and, hopefully, some notoriety.
Now for the plot twist: the Dutch water facility does not exist.
Concrete action
The website was real, and so was the infrastructure. But it was all an elaborate ruse created by cybersecurity researchers at Forescout to trick cybercriminals into revealing their tactics, techniques and procedures (TTPs): a typical honeypot.
Forescout has been building these honeypots for a while now, saying it has seen hackers try to deploy ransomware before.
Last year, a fake health clinic reportedly caught a few threat actors. However, this is the first time that hackers have publicly boasted of breaching something that wasn't real.
“Groups moving from DDoS/defacement to OT/ICS misread targets, trip over honeypots or overclaim,” the researchers explained in their write-up. “It doesn’t make them harmless - it shows where they’re headed.”
Critical infrastructure organizations, including water and wastewater treatment facilities, power plants, data centers, airports and the like, are increasingly targeted by cyber criminals.
Most of the time, these are ransomware actors, groups that believe they can force companies to pay a ransom demand in order to remain operational and avoid the even higher cost of restarting operations.
In some cases, attackers are state-sponsored and tasked with either cyber-espionage or creating a kill switch to be activated in certain scenarios.
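The sequence reported above (default-credential HMI login, PLC data sources removed, setpoints changed, logs and alarms disabled) can be correlated in an HMI audit trail. The following is an added example, not code from the researchers' write-up; the log format, event names, default-account list and one-hour window are assumptions.

```python
from datetime import datetime, timedelta

# Constructed HMI audit trail; the line format and event names are assumptions.
SAMPLE_LOG = """\
2025-01-10T08:05:10Z operator1 10.0.0.5 SETPOINT_CHANGE pump1.speed=40
2025-01-10T21:14:07Z admin 203.0.113.7 LOGIN_OK -
2025-01-10T21:16:30Z admin 203.0.113.7 DATASOURCE_DELETE plc-01
2025-01-10T21:17:02Z admin 203.0.113.7 SETPOINT_CHANGE tank2.level_max=99
2025-01-10T21:19:44Z admin 203.0.113.7 SETTING_CHANGE alarms.enabled=false
2025-01-10T21:19:51Z admin 203.0.113.7 SETTING_CHANGE logging.enabled=false
"""
DEFAULT_ACCOUNTS = {"admin", "administrator", "guest"}  # assumed default logins
BLINDING = {"alarms.enabled=false", "logging.enabled=false"}
WINDOW = timedelta(hours=1)  # correlation window (assumed)

def parse(log):
    """Yield (time, user, source, action, detail) for each audit line."""
    for line in log.splitlines():
        if line.strip():
            ts, user, src, action, detail = line.split(maxsplit=4)
            yield datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, src, action, detail

def stage(user, action, detail):
    """Map one audit event to a stage of the reported sequence (None if unrelated)."""
    if action == "LOGIN_OK" and user.lower() in DEFAULT_ACCOUNTS:
        return "default_login"
    if action == "DATASOURCE_DELETE":
        return "datasource_removed"
    if action == "SETPOINT_CHANGE":
        return "setpoint_changed"
    if action == "SETTING_CHANGE" and detail in BLINDING:
        return "visibility_disabled"

def detect(log):
    """Return (user, source, severity, stages) alerts, one per blinded session."""
    sessions, alerts = {}, []
    for ts, user, src, action, detail in parse(log):
        st = stage(user, action, detail)
        if st is None:
            continue
        seen = sessions.setdefault((user, src), {})
        for name in [n for n, t in seen.items() if ts - t > WINDOW]:
            del seen[name]  # forget stages older than the window
        first = st not in seen
        seen.setdefault(st, ts)
        # Alert as soon as alarms or logging go dark: later events may never be recorded.
        if st == "visibility_disabled" and first:
            alerts.append((user, src, "critical" if len(seen) >= 3 else "high", sorted(seen)))
    return alerts
```

A routine setpoint change by an operator raises nothing on its own; the alert fires when visibility is switched off, and its severity rises with the number of other stages seen from the same user and source.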
Via Cybernews



