Pro-Russia hacktivists have been targeting and compromising small-scale Operational Technology (OT) systems in North American and European Water and Wastewater Systems (WWS), Dams, Energy, and Food and Agriculture Sectors. They aim to exploit modular, internet-exposed Industrial Control Systems (ICS), targeting software components like human machine interfaces (HMIs). The threat actors were observed using methods such as exploiting virtual network computing (VNC) remote access software and default passwords.
The malicious activity began in 2022 and is still ongoing. The government agencies urge OT operators in critical infrastructure sectors to implement a set of mitigations provided in the advisory.