Risevatnet Lake is a small dammed lake near the city of Svelgen in the South-West of Norway. It primarily serves as a fish farm.
On April 7 its dam control system was breached [risky.biz] by a Russian hacktivist group, Z-PENTEST (guess what the Z stands for). The main valve was put on maximum opening, increasing the water flow to maximum volume for four hours before the incident was detected; on April 10 the dam's owner alerted authorities.
The hackers got in through a weak password [radiflow.com] -- the classical 123456, or risevatnet123, perhaps -- on the web interface used to control the dam. This web interface was directly connected to the Internet.
Once logged in, the hackers could directly control a motorized valve which controlled the water flow. (Why local teenagers hadn't discovered this before remains a mystery.)
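The four-hour gap between the valve change and its detection points to two simple rules a defender could run over HMI audit data: operator actions arriving from outside the control network, and a valve held at full opening for too long. This is an added example, not part of the original post or the dam operator's system; the log format, network range and thresholds are assumptions, and the log lines are constructed.

```python
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumed values for illustration: the plant control LAN and alert thresholds.
TRUSTED_NET = ip_network("10.0.0.0/24")
MAX_PCT = 95                        # valve opening treated as "fully open"
MAX_HOLD = timedelta(minutes=30)    # longest tolerated time at full opening

# Constructed audit log (not data from the incident):
# timestamp, source IP ("-" for sensor telemetry), event, value
SAMPLE_LOG = """\
2025-01-10T08:00:00 10.0.0.5 login operator
2025-01-10T08:05:00 10.0.0.5 valve_setpoint 35
2025-01-10T13:00:00 203.0.113.7 login operator
2025-01-10T13:02:00 203.0.113.7 valve_setpoint 100
2025-01-10T13:30:00 - valve_reading 100
2025-01-10T14:30:00 - valve_reading 100
2025-01-10T17:05:00 10.0.0.5 valve_setpoint 35
"""

def detect(log_text, trusted=TRUSTED_NET, max_pct=MAX_PCT, max_hold=MAX_HOLD):
    """Return (rule, timestamp, detail) alerts for one pass over the log."""
    alerts = []
    high_since = None   # when the valve first reached max_pct
    for line in log_text.splitlines():
        ts_text, src, event, value = line.split()
        ts = datetime.fromisoformat(ts_text)
        # Rule 1: any operator action from outside the control LAN.
        if src != "-" and ip_address(src) not in trusted:
            alerts.append(("untrusted_source", ts_text, f"{event} from {src}"))
        if event not in ("valve_setpoint", "valve_reading"):
            continue
        # Rule 2: valve held at full opening for longer than max_hold.
        if int(value) < max_pct:
            high_since = None
        elif high_since is None:
            high_since = ts
        elif ts - high_since >= max_hold:
            alerts.append(("sustained_max", ts_text,
                           f"open since {high_since.isoformat()}"))
            high_since = datetime.max   # sentinel: alert once per episode
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(*alert, sep=" | ")
```

On the constructed log, the sustained-opening rule fires 88 minutes after the setpoint change, and the source rule fires at the login itself.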
About 145,000 Industrial Control Devices (ICS) were found to be directly connected to the Internet in a 2024 Censys scan (pdf) [censys.com]. Of these devices, 48,000, or 38%, were located in the US, with Europe accounting for a comparable number (35%). A sizeable portion (34%) of devices were water and wastewater related, while 23% were associated with agricultural processes. Many of these devices -- including HMIs, PLCs, and SCADA panels -- were discoverable with simple scans, and often "protected" by default or easily guessed passwords.
If you read around a bit, the impression [cyble.com] is that Z-PENTEST is something like a splinter group from another "hacktivist" group, the People's Cyber Army. Both groups have boasted on Telegram about similar actions before -- aiming for oil wells, dams and rural water systems [csoonline.com]. Their targets have been in the United States, Canada, Australia, France, South Korea, Taiwan, Italy, Romania, Germany, and Poland.
It remains to be seen whether this latest action -- freeing fish from Western Propaganda and the Capitalists' Deadly Grip -- will give them much street cred in the hacker scene.