California Water Service (Cal Water) has concluded its investigation into a recent cyberattack linked to the hacker group Handala, revealing no breach in its operational technology (OT) systems. Despite claims by the group that they could disrupt the water supply, Cal Water confirmed that its critical systems remained secure.
Hackers’ Claims and Data Leak
Handala, believed to be affiliated with Iranian government hacking operations, alleged they infiltrated Cal Water’s systems, gaining substantial access to industrial control systems (ICS). Although the group did not disrupt services, they released 5 GB of data, purportedly exfiltrated from Cal Water, which included sensitive customer information.
Cybersecurity experts analyzed the leaked data, identifying potential breaches in a customer billing system and an internal application. Despite these concerns, Cal Water maintained that its core operational systems were not compromised.
Cal Water’s Response and Investigation
In response to the breach, Cal Water enlisted cybersecurity specialists from Google’s Mandiant to conduct a thorough investigation. The findings revealed that the unauthorized access was confined to a few user accounts on platforms managed by third-party service providers. Importantly, Mandiant did not find any evidence of hacker activity within Cal Water’s internal IT or OT environments.
The investigation clarified that one active customer account was accessed using stolen credentials. However, this did not lead to a breach of the billing system, and no payment information was jeopardized. An external third-party website linked to GPS location services was also accessed but contained no sensitive data.
Ongoing Cybersecurity Measures
Cal Water expressed gratitude for the support from state and federal government partners throughout the investigation. The utility emphasized its commitment to bolstering system security against future cyber threats. The water sector remains vulnerable because of its dependence on outdated systems and its often insufficient cybersecurity practices.
As cyber threats continue to target critical infrastructure sectors, Cal Water’s proactive stance serves as a reminder of the importance of robust cybersecurity measures. The utility’s experience underscores the need for ongoing vigilance and collaboration across industries to protect vital services.
