Two Russian hacktivist groups, People’s Cyber Army and Z-Pentest, are escalating cyberattacks on critical infrastructure, including oil and gas and water systems. Their tactics now extend beyond traditional DDoS and defacement to the compromise of operational technology (OT) controls, which could lead to severe disruptions.
Multiple threat actors, including Z-Pentest, have breached critical infrastructure systems in various countries and potentially gained control over operational systems. Often motivated by geopolitical tensions, these intrusions pose significant risks to national security and economic stability.
Despite warnings from U.S. agencies about Chinese penetration, these systems remain susceptible to potential damage from both Russian and Chinese threat actors.
Active since October 2023, Z-Pentest, a threat actor likely based in Serbia, has claimed responsibility for 10 attacks targeting critical infrastructure control panels, leveraging Telegram and X for communication and operations.
It allegedly breached and compromised control systems at multiple U.S. oil facilities, gaining access to sensitive operational data and potentially manipulating critical functions like water pumping, gas flaring, and oil collection.
The threat actors compromised a system, gaining access to critical operational controls, as evidenced by a released 4-minute screen recording of their unauthorized activities.
They have gained access to sensitive environments, including PLCs, potentially compromising industrial systems. While safety features may mitigate risks, the exposure of these critical systems to unauthorized access is a significant security concern.
Recent cyberthreats targeting the energy sector include increased dark web activity, ransomware attacks, and the sale of network access and zero-day vulnerabilities. Because credentials often leak on the dark web before a breach, proactive monitoring of such leaks is important for preventing larger-scale attacks.
According to Cyble, the People’s Cyber Army (PCA) and Z-Pentest are targeting critical infrastructure, including U.S. environmental cleanup companies and water systems, with DDoS attacks and potential control panel access.
The People’s Cyber Army breached and compromised control systems at the Stanton Water Treatment Plant and New Castle water towers, potentially disrupting water supply and endangering public health.
The group, which has been sanctioned, targets allies of Ukraine and has launched multiple cyberattacks on U.S. water systems in 2024, including incidents in Texas that compromised valve control and led to water tank overflows.
Z-Pentest, a newer threat actor, has meanwhile successfully breached critical infrastructure organizations, including energy and water facilities, by gaining access to operational control panels, potentially compromising critical systems and operations.
To enhance critical infrastructure security, organizations must prioritize timely patching, network segmentation, Zero-Trust Architecture, internet exposure control, cybersecurity training, vulnerability scanning, threat intelligence, incident response planning, and regular security drills.
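Two of the recommendations above, network segmentation and internet exposure control, can be checked mechanically against a firewall ruleset. The script below is an added illustration and is not code from Cyble or from the article; the zone addresses, the jump-host subnet, the list of OT service ports and the sample rules are all constructed assumptions. It flags any allow rule that lets non-RFC1918 sources reach the OT zone (internet exposure) and any allow rule that lets general IT hosts, rather than a hardened jump-host subnet, reach OT services (a segmentation gap), honouring first-match semantics so that a deny placed above an allow is not reported.

```python
"""Audit a firewall ruleset for OT internet exposure and segmentation gaps.

Added example (not from the original article). Rules are evaluated in
order with first-match semantics, as most packet filters do, so an allow
rule fully shadowed by an earlier deny is not reported.
"""
import ipaddress
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class Rule:
    src: str     # source CIDR
    dst: str     # destination CIDR
    dport: int   # destination TCP port, 0 = any
    action: str  # "allow" or "deny"


# Constructed zone layout (assumption; adapt to the real network).
OT_ZONE = ipaddress.ip_network("10.20.0.0/16")       # PLCs, HMIs, control panels
JUMP_HOSTS = ipaddress.ip_network("10.10.99.0/24")   # hardened bastion subnet in IT
TRUSTED_INTERNAL = [ipaddress.ip_network(c) for c in
                    ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Well-known ports for OT protocols and remote panel access (assumed list).
OT_PORTS = {502: "Modbus/TCP", 102: "S7comm", 20000: "DNP3",
            44818: "EtherNet/IP", 80: "HTTP panel", 443: "HTTPS panel",
            5900: "VNC", 3389: "RDP"}


def _net(cidr: str) -> ipaddress.IPv4Network:
    return ipaddress.ip_network(cidr, strict=False)


def is_internal(cidr: str) -> bool:
    """True only if the whole source range lies inside an RFC1918 block."""
    n = _net(cidr)
    return any(n.subnet_of(t) for t in TRUSTED_INTERNAL)


def _shadowed(rule: Rule, earlier: List[Rule]) -> bool:
    """True if an earlier deny rule fully covers this rule's src/dst/port."""
    s, d = _net(rule.src), _net(rule.dst)
    for e in earlier:
        if e.action != "deny":
            continue
        if (s.subnet_of(_net(e.src)) and d.subnet_of(_net(e.dst))
                and (e.dport == 0 or e.dport == rule.dport)):
            return True
    return False


def audit(rules: List[Rule]) -> List[str]:
    """Return one finding string per exposure or segmentation problem."""
    findings = []
    for i, r in enumerate(rules, 1):
        if r.action != "allow" or not _net(r.dst).overlaps(OT_ZONE):
            continue
        if _shadowed(r, rules[:i - 1]):
            continue
        svc = "any port" if r.dport == 0 else OT_PORTS.get(r.dport, f"tcp/{r.dport}")
        src = _net(r.src)
        if not is_internal(r.src):
            findings.append(f"rule {i}: INTERNET EXPOSURE {r.src} -> {r.dst} ({svc})")
        elif not (src.subnet_of(OT_ZONE) or src.subnet_of(JUMP_HOSTS)):
            findings.append(f"rule {i}: SEGMENTATION GAP {r.src} -> {r.dst} ({svc}); "
                            f"route access through {JUMP_HOSTS}")
    return findings


# Constructed sample ruleset with two typical mistakes.
CONSTRUCTED_RULES = [
    Rule("0.0.0.0/0", "10.20.5.10/32", 443, "allow"),      # "temporary" vendor panel access
    Rule("10.10.0.0/16", "10.20.0.0/16", 502, "allow"),    # whole IT LAN may speak Modbus
    Rule("10.10.99.0/24", "10.20.0.0/16", 3389, "allow"),  # jump hosts only: acceptable
    Rule("10.20.0.0/16", "10.20.0.0/16", 0, "allow"),      # intra-OT traffic
    Rule("0.0.0.0/0", "10.20.0.0/16", 0, "deny"),
]

# Same intent with the exposure removed and IT access funnelled via jump hosts.
HARDENED_RULES = [
    Rule("10.10.99.0/24", "10.20.0.0/16", 3389, "allow"),
    Rule("10.10.99.0/24", "10.20.0.0/16", 502, "allow"),
    Rule("10.20.0.0/16", "10.20.0.0/16", 0, "allow"),
    Rule("0.0.0.0/0", "10.20.0.0/16", 0, "deny"),
]

if __name__ == "__main__":
    for name, rules in (("constructed", CONSTRUCTED_RULES), ("hardened", HARDENED_RULES)):
        print(f"{name}: {len(audit(rules))} finding(s)")
        for f in audit(rules):
            print("  " + f)
```

Running it on the constructed ruleset reports the internet-facing HTTPS panel and the IT-wide Modbus allow; the hardened ruleset produces no findings. The rule order matters: the same broad allow placed after a covering deny is skipped, which is why the audit walks the list in order rather than treating it as a set.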