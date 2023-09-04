Heartland Votes
(KY3)
By KY3 Staff
Published: Sep. 4, 2023 at 11:39 AM CDT|Updated: 54 minutes ago
SPRINGFIELD, Mo. (KY3) - A new advisory from the Environmental Protection Agency warns of a cyber-attack on water utilities.

Cyber generic WRDW
Cyber generic WRDW(WRDW/WAGT)

The EPA sent the advisory, passed along to Missouri water and wastewater utilities from the Missouri Department of Natural Resources. The group Volt Typhoon is the group behind the attack. Much like other phishing attacks, this one is searching for information.

Lance Dorsey with the Missouri Department of Natural Resources says the statewide notification is like casting a wide net to inform utilities.

“To disseminate to all the water and wastewater systems, it’s been happening, and it’s probably on the uptick. This is probably the third message this year.” Lance Dorsey, Missouri DNR.

Dorsey says that these alerts are not uncommon.

Mitigation

Water and wastewater system owners and operators should direct their network administrators to review the CSA and the indicators of compromise included in this alert and carry out the recommended mitigation procedures below. Volt Typhoon, among many other PRC APT groups, uses dynamic infrastructure and preinstalled, legitimate tools in victim environments to conduct their cyber activities. The CSA provides the most comprehensive and enduring detection mitigation measures to help network administrators search for this activity.

  • Scan your network for the known indicators of compromise included in this alert and other unusual IP addresses and ports in command lines, registry entries, and firewall logs to identify other hosts potentially involved in actor actions.
  • Block all listed IP addresses and user agents listed in this updated alert.
  • Establish baselines of normal activity, particularly for remote access and administrative actions, and look for outliers from those baselines.

If you have questions about any of the information contained in this document, please contact Brandon Carter, Water Infrastructure and Cyber Resilience Division, USEPA (carter.brandon@epa.gov). If you find evidence of potential Volt Typhoon activity, please report this activity to the FBI at the Internet Crime Complaint Center (IC3) | File a Complaint or CISA at Incident Reporting System | CISA. In addition, Missouri water and wastewater cyber incidents should be reported to WPP-Cybersecurity@dnr.mo.gov. Missouri water and wastewater treatment systems can get help with cyber incidents by calling the Missouri Information Analysis Center (MIAC) at 866-362-6422.

