Hacktivist Group TwoNet Targets Water Utility Honeypot

Cyber Security News by CyberSum.net
In September, the pro-Russian hacktivist group TwoNet staged an intrusion against a water treatment utility honeypot. By exploiting default credentials and SQL-based schema extraction, the adversary created backdoor accounts and defaced the human-machine interface (HMI). This incident highlights the need for critical infrastructure organizations to deploy deception technologies and monitor hacktivist channels for accurate threat intelligence. The attack, originating from an IP registered to a hosting provider, involved manual SQL commands and a Linux-based Firefox workflow. The attacker defaced the HMI login page, deleted PLC data sources, adjusted setpoints, and disabled logs and alarms. TwoNet's pivot from DDoS to OT/ICS targeting coincides with the launch of a new Telegram channel, underscoring a broader hacktivist trend of using alliances to accelerate capability growth.
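As an added illustration (not code from the original report or from the honeypot's operator), the sketch below correlates HMI audit events into the activity chain described above: a default-account login followed by schema queries, account creation, defacement, data-source deletion, and alarm or log disabling from the same source. The event fields, action names, default-account list, and sample events are assumptions constructed for this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed event fields and action names; map them to your HMI's real audit schema.
DEFAULT_ACCOUNTS = {"admin"}  # placeholder list of vendor-default usernames
SCHEMA_QUERY = re.compile(r"information_schema|show\s+tables|sqlite_master", re.I)
STAGE_BY_ACTION = {
    "user_create": "backdoor_account", "login_page_modify": "hmi_defacement",
    "datasource_delete": "plc_datasource_deleted", "setpoint_change": "setpoint_changed",
    "alarm_disable": "alarms_disabled", "log_disable": "logging_disabled",
}

def stage_of(event):
    """Return the chain stage an event represents, or None if it is not one."""
    if event["action"] == "sql_query":
        return "schema_extraction" if SCHEMA_QUERY.search(event["detail"]) else None
    return STAGE_BY_ACTION.get(event["action"])

def correlate(events, window=timedelta(hours=24), min_stages=3):
    """Alert on sources that log in with a default account and then reach
    min_stages or more distinct stages within the window of that first login."""
    anchor, stages = {}, defaultdict(set)
    for ev in sorted(events, key=lambda e: e["ts"]):
        ip = ev["src_ip"]
        if ev["action"] == "login_success" and ev["user"] in DEFAULT_ACCOUNTS:
            anchor.setdefault(ip, ev["ts"])
        elif ip in anchor and ev["ts"] - anchor[ip] <= window:
            stage = stage_of(ev)
            if stage:
                stages[ip].add(stage)
    return {ip: sorted(s) for ip, s in stages.items() if len(s) >= min_stages}

def make_event(ts, ip, user, action, detail=""):
    return {"ts": datetime.fromisoformat(ts), "src_ip": ip, "user": user,
            "action": action, "detail": detail}

# Constructed sample events (documentation IP ranges; not data from the incident).
SAMPLE = [
    make_event("2025-01-01T08:05:00", "198.51.100.7", "operator1", "setpoint_change", "tank1=4.2"),
    make_event("2025-01-01T09:00:00", "203.0.113.9", "admin", "login_success"),
    make_event("2025-01-01T09:10:00", "203.0.113.9", "admin", "sql_query", "SELECT table_name FROM information_schema.tables"),
    make_event("2025-01-01T09:20:00", "203.0.113.9", "admin", "user_create", "svc_tmp"),
    make_event("2025-01-01T09:30:00", "203.0.113.9", "svc_tmp", "login_page_modify"),
    make_event("2025-01-01T09:40:00", "203.0.113.9", "svc_tmp", "datasource_delete", "plc-1"),
    make_event("2025-01-01T09:45:00", "203.0.113.9", "svc_tmp", "alarm_disable"),
    make_event("2025-01-01T10:00:00", "192.0.2.44", "admin", "login_success"),
    make_event("2025-01-01T10:05:00", "192.0.2.44", "admin", "sql_query", "SELECT value FROM tags WHERE id=3"),
]
```

Correlating by source address rather than by username keeps the chain intact when the activity moves from the default account to a newly created one.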