Hacktivists Hit Water Utility Honeypot in OT Attack

A nascent pro-state hacktivist group known as TwoNet was recently lured into attacking a honeypot disguised as a water treatment utility. The attackers gained initial access using default credentials, performed SQL reconnaissance, and proceeded to deface the human-machine interface (HMI) and disrupt simulated industrial processes. Following the intrusion, the group falsely claimed responsibility for a real-world critical infrastructure attack on their public channels to inflate their reputation. This incident highlights a dangerous trend of hacktivists pivoting from simple DDoS attacks to targeting operational technology (OT) and industrial control systems (ICS). The event underscores the ephemeral nature of these groups, as TwoNet disbanded shortly after, and demonstrates the value of honeypots in distinguishing genuine threats from propaganda.

Latest mentioned: 10-13

Earliest mentioned: 10-10

Sources

gbhackers.com bleepingcomputer.com infosecurity-magazine.com securityonline.info cybersum.net

Also Read

WordPress WooCommerce Sites Targeted by Sophisticated Malware

The Wordfence Threat Intelligence Team has uncovered a sophisticated malware campaign targeting WordPress e-commerce sites using the WooCommerce plugin. The malware, disguised as legitimate plugins like 'jwt-log-pro' and 'cron-environment-advanced,' hides malicious payloads inside fake images and evades detection through custom encryption. It logs users with high privileges, intercepts login credentials, and establishes a backdoor for remote command access. The malware is attributed to Magecart Group 12, known for credit card skimming operations. The campaign has compromised over 25,000 IP addresses, primarily in Southeast Asia and North America, with a focus on network video recorders and routers.

10-31Read more →