A new study from Dragos has found that a water treatment plant in Oldsmar, Florida -- where hackers attempted to poison the town's water[1] earlier this year -- was also involved in another potential breach at the same time. 

A browser being used on the plant's network was traced back to a "watering hole" attack[2] that was allegedly targeting water utilities across the country.

"We have medium confidence it did not directly compromise any organization," the report said. "But it does represent an exposure risk to the water industry and highlights the importance of controlling access to untrusted websites, especially for Operational Technology and Industrial Control System environments."

The tiny town in central Florida made national news in February when hackers gained remote access to systems at a local water plant and tried to elevate levels of certain chemicals, which would have been poisonous to the town's residents. The attack was stopped before the water levels could be changed, but the situation, like the recent ransomware attack on Colonial Pipeline[3], put a spotlight on how unprotected much of the critical infrastructure in the US is.

Researchers with Dragos found that the WordPress website of a water infrastructure construction company in Florida was "hosting malicious code" in the footer file of its website as a way to lure in operators at water utilities in the state and elsewhere. The attackers allegedly took advantage of one of the many vulnerabilities[4] that can be found in WordPress plugins and inserted the code, which Dragos identified as the Tofsee malware[5], at some point in December 2020.

The report found that the website with the malicious code "was visited by a browser from the city of Oldsmar" on February 5
