(U//FOUO) DHS Intelligence Note: Unknown Cyber Actors Target US Water and Sewage Authority Network

The following intelligence note was obtained from the public website of a state water treatment agency.

Unknown Cyber Actors Target US Water and Sewage Authority Network

Page Count: 2 pages
Date: March 28, 2017
Restriction: For Official Use Only
Originating Organization: Department of Homeland Security, Office of Intelligence and Analysis
File Type: pdf
File Size: 212,896 bytes
File Hash (SHA-256): 6FB3E90F76F2744B4A1C2BBB97CC0F5477D631FB20798ABE0074C87110F59869


(U//FOUO) Likely Network Device Compromise Results in Excessive Data Traffic; Device Provided Access to Industrial Control System

(U//FOUO) An unidentified actor or actors between November 2016 and January 2017 targeted a US water and sewage authority’s network, resulting in excessive cellular charges and unusual traffic on ports 10000 and 9600, according to an FBI source with excellent access who spoke in confidence but whose reliability cannot be determined. The FBI source indicated that four of the seven devices on the authority’s cellular data plan were impacted with high data usage, which was likely a result of compromised network devices. The November 2016–December 2016 billing cycle totaled $45,000, and the December 2016–January 2017 billing cycle totaled $53,000. A typical monthly bill averages approximately $300. The devices were Sixnet devices, which had been in place for six or seven years and provided access to the authority’s industrial control systems, according to the same FBI source.

(U//FOUO) Support to Computer Network Defense

(U//FOUO) Sixnet BT-5xxx and BT-6xxx series device versions prior to 3.8.21, as of May 2016, were vulnerable to a compromise that exploited a hard-coded factory password that could enable full access to the affected device, according to ICS-CERT Advisory ICSA-16-0147-02. The same advisory identifies vendor patches and firmware updates that address the issue.

(U//FOUO) Sixnet BT-5xxx series industrial cellular modems and BT-6xxx machine-to-machine gateways facilitate data communications connectivity in mobile or remote environments. Ports 9600 and 10000 are used for transmission control protocol and user datagram protocol (TCP/UDP) communications, according to an online report from a firm that provides industrial automation and networking solutions.
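The indicators described in the note, turned into a defensive audit as an added example that is not part of the DHS note or any vendor tooling: it checks an asset inventory and flow records for the affected series and firmware threshold, abnormal cellular usage, and traffic on ports 9600 and 10000. The record fields, the 10x usage threshold, the peer allow-list and all sample data are assumptions constructed for illustration.

```python
import re

FIXED = (3, 8, 21)                        # note: versions prior to 3.8.21 were vulnerable
AFFECTED = re.compile(r"^BT-[56]", re.I)  # BT-5xxx and BT-6xxx series
WATCH_PORTS = {9600, 10000}               # ports named in the note
SPIKE_FACTOR = 10                         # assumption: flag usage above 10x baseline

def parse_version(text):
    """Numeric tuple, so '3.8.9' sorts below '3.8.21' (string compare gets this wrong)."""
    return tuple(int(part) for part in text.strip().split("."))

def audit(device, flows, allowed_peers):
    """Return a sorted list of finding strings for one inventory record."""
    findings = set()
    if AFFECTED.match(device["model"]):
        try:
            if parse_version(device["firmware"]) < FIXED:
                findings.add("firmware below 3.8.21")
        except ValueError:
            findings.add("firmware version unreadable")
    if device["usage_mb"] > SPIKE_FACTOR * device["baseline_mb"]:
        findings.add("cellular usage spike")
    for f in flows:
        if (f["device"] == device["id"] and f["port"] in WATCH_PORTS
                and f["peer"] not in allowed_peers):
            findings.add(f"port {f['port']} traffic with unlisted peer {f['peer']}")
    return sorted(findings)

# Constructed sample data (not from the note): model strings, usage figures, flows.
INVENTORY = [
    {"id": "rtu-1", "model": "BT-5000", "firmware": "3.8.9", "usage_mb": 48000, "baseline_mb": 40},
    {"id": "rtu-2", "model": "BT-6000", "firmware": "3.8.21", "usage_mb": 35, "baseline_mb": 40},
    {"id": "rtu-3", "model": "BT-6000", "firmware": "unknown", "usage_mb": 41, "baseline_mb": 40},
]
FLOWS = [
    {"device": "rtu-1", "peer": "203.0.113.77", "port": 10000},
    {"device": "rtu-1", "peer": "192.0.2.10", "port": 9600},
    {"device": "rtu-2", "peer": "192.0.2.10", "port": 9600},
]
ALLOWED_PEERS = {"192.0.2.10"}  # assumption: the authority's own head-end address

def run_audit():
    return {d["id"]: audit(d, FLOWS, ALLOWED_PEERS) for d in INVENTORY}

if __name__ == "__main__":
    for dev_id, findings in run_audit().items():
        print(dev_id, "->", findings or "no findings")
```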
