"Hacker Tries to Poison Water Supply of Florida Town"

A threat actor remotely accessed the IT system of the water treatment facility of Oldsmar, Florida, and tried to poison the town’s water supply by raising the levels of sodium hydroxide, or lye, in the water supply. According to local authorities, the attack happened just two days before the NFL’s Super Bowl LV was held nearby in Tampa Bay.  An operator at the plant first noticed a brief intrusion Friday, Feb. 5, around 8:00 a.m.  Someone remotely accessed the computer system the operator was monitoring that controls chemical levels in the water and other operations.  The operator “didn’t think much of it” because it’s normal for his supervisors to use the remote access feature to monitor his computer screen at times.  However, around 1:30 p.m., an adversary again remotely accessed the computer system. The operator observed the mouse moving around on the screen to access various systems that control the water being treated.  During the second intrusion, which lasted three to five minutes, the intruder changed the level of sodium hydroxide in the water from 100 parts per million to 11,100 parts per million, which is a significant and potentially dangerous increase.  Sodium hydroxide, also known as lye, is the main ingredient in liquid drain cleaners and is used to control water acidity and remove metals from drinking water in water-treatment plants.  Fortunately, the operator quickly changed the level back to normal after the intrusion and alerted supervisors, who then contacted the Pinellas County Sheriff’s Office. The FBI and U.S. Secret Service were also notified and worked over the weekend to investigate and discover who was behind the attack.  At this time, authorities have leads but have not identified a suspect, nor do they know if the attack came from inside the United States or outside the country.  

Threatpost reports: "Hacker Tries to Poison Water Supply of Florida Town"