FBI releases Private Industry Notification: Cyber Actors Compromise US Water Treatment Facility

Critical Infrastructure Colleagues and Partners,

This product is marked TLP: GREEN. Recipients may share TLP: GREEN information with peers and partner organizations within their sector or community, but not via publicly accessible channels. TLP: GREEN information may not be released outside of the community.

In consultation with CISA, the FBI released the attached Private Industry Notification (PIN) as a result of the recent cyber intrusion at a water treatment facility to help cyber security professionals guard against persistent malicious actions of cyber actors.

On 5 February 2021, unidentified cyber actors obtained unauthorized access to the supervisory control and data acquisition (SCADA) system at a US water treatment plant. The cyber actors likely accessed the system by exploiting cyber security weaknesses, including poor password security and an outdated Windows 7 operating system, to compromise software used to remotely manage water treatment. The actors also likely used the desktop sharing software TeamViewer to gain unauthorized access to the system.

The FBI has observed cyber actors targeting and exploiting desktop sharing software and computer networks running operating systems with end-of-life status to gain unauthorized access to systems. Microsoft, the FBI, CISA and other industry professionals strongly recommend upgrading computer systems to an actively supported operating system. Continuing to use any operating system within an enterprise beyond its end-of-life status presents vulnerabilities for cyber actors to exploit.

As a reminder, www.cisa.gov offers various free resources and information on alerts and other threats to help your organization’s security posture.

In particular, CISA offers free scanning and testing services to help organizations reduce their exposure to threats by taking a proactive approach to mitigating attack vectors. More information can be found at https://www.cisa.gov/cyber-hygiene-services. CISA’s Cyber Essentials is also available as a guide for leaders of small and medium businesses, as well as leaders of small and local government agencies, to develop an actionable understanding of where to start implementing organizational cybersecurity practices. More information can be found at https://www.cisa.gov/cyber-essentials.


Cybersecurity and Infrastructure Security Agency