Our society is built upon a specific set of needs, physical and virtual. These needs come from systems and these systems are assets vital to our society. These critical pieces of infrastructure, upon which we depend daily, would cripple our society if they were to fall. The pillars of our society and these critical pieces of infrastructure can be broken down as: security, public health, safety, economic stability and some would argue, technology.

Each of these has vulnerabilities, and we rely on the security measures put in place to keep these pillars in place and functioning. But how can they fall? How can they be ripped down around us? Ransomware, financial institutions, social engineering, and botnet attacks are just a few tools that cybercriminals have in their arsenal to affect our infrastructure.

The main targets of hackers are energy, transportation, public service, telecommunication and manufacturing, but there are many ways to impact those sectors that support our society. The scariest part of this information is how vulnerable our infrastructure is. From outdated computer systems to low-level security measures, and beyond, we face cybersecurity and major infrastructure attacks daily.

9 Major U.S. Cybersecurity Infrastructure Attacks in 2023

Here are just a few from 2023.

1. Federal agencies targeted by multiple groups.

In March, CISA and FBI officials reported that several cybersecurity attacks had occurred against several U.S. federal agencies, by multiple attackers.

The attacks were part of a cyberespionage campaign held from Nov 2022 until at least Jan 2023.

The hackers, including a Vietnamese espionage group, used vulnerabilities in the Microsoft Internet Information Services server, used by the agency, to install malware.

2. Russian social engineering campaigns target U.S. politicians

Pro-Russian scammers used social engineering and impersonation to trick U.S. and Western commentators into recorded calls to create pro-Putin clips and sound bites.

The scammers targeted politicians, CEOs, and celebrities to generate content that could be edited to their benefit.

Once the targets took the email lure, they would agree to a video call. During the video call, the interviewee would be tricked and coaxed into saying something that could be edited into a pro-Russian or pro-Putin sound bite.

The recordings were then posted to YouTube to discredit the person in the interview.

Notable targets included German Chancellor Angela Merkel, Prince Harry, Elton John, and JK Rowling.

3. Government Industries Routers

In September, U.S. officials, along with Japanese government representatives, warned that Chinese state-sponsored hackers allegedly placed software inside routers targeting government industries and companies in both countries.

China has denied these allegations.

The group, known as BlackTech, uses malware to evade detection and hack into international subsidiaries.

4. Social media platform X taken down

In August, the hacker group known as Anonymous took down X in more than a dozen countries.

The group demanded that Elon Musk open Starlink in Sudan.

Servers were attacked by a flood of traffic, which disabled access for more than 20,000 users in the U.S., U.K., and several other countries. The Distributed Denial of Service (DDoS) attack was aimed at raising awareness of the civil war in Sudan.

5. U.S. State Department and Department of Commerce Attack

Another attack in August targeted a congressman from Nebraska and also involved the hacking of emails from the State Department and the Department of Commerce.

Representative Don Bacon was compromised by Chinese hackers using an exploit in a Microsoft error.

In a release from Representative Bacon, he stated that he suspects that the hackers may attempt to discredit or undermine him politically, but asserts that nothing is embarrassing in his emails.

Other victims, previously reported in the same attack, included Commerce Secretary Gina Raimondo, State Department employees, a human rights advocate, and think tanks.

6. Municipal Water Authority of Aliquippa

In late November, a water utility outside of Pittsburgh stated that apparently pro-Iran hackers had breached equipment used to manage water pressure and displayed an anti-Israel message on the facility's screens.

The Municipal Water Authority of Aliquippa serves about 15,000 people.

The computer systems targeted in recent attacks have all been the same Israeli-made computer system, which the perpetrators used to display their symbols, logos, and messaging.

Following this particular attack, US and Israeli authorities issued advisories confirming the targeting of multiple US-based water facilities using that same equipment, likely using default passwords.

Hackers affiliated with the Islamic Revolutionary Guard Corps, a military branch of the Iranian government, were blamed for the attacks.

7. St. Johns River Water Management

In late November, the St. Johns River Water Management District spokesperson confirmed that it “identified suspicious activity in its information technology environment.”

According to the spokesperson, containment measures had been successfully implemented.

A ransomware gang came forward and took responsibility for the attack and proved responsibility by providing samples of stolen data.

“The District is actively monitoring its IT networks to ensure there is no ongoing, malicious persistence,” the agency spokesperson said. “Accordingly, the District is continuing its normal business operations. Until our investigation is complete, we are unable to comment further.”

8. North Texas Municipal Water District

On November 28, the water utility company, which serves more than two million people, reported a cybersecurity incident that caused operational issues.

“Most of our business network has been restored,” said Alex Johnson, the director of communications for NTMWD. “Our core water, wastewater, and solid waste services to our member cities and customers have not been impacted by this incident, and we continue to provide those services as usual.”

Daixin Team, a known cybercrime gang, took responsibility for the attack, claiming to have stolen more than 33,000 files containing customer information.

Daixin Team was behind a ransomware attack in September 2022 against the Oakbend Medical Center. The facility took weeks to recover after its phones and patient record systems were brought down by the attack.

9. VMware ESXi Ransomware Attacks

VMware offers products that assist users with server capabilities and cloud infrastructure utilization.

Customers using VMware ESXi hypervisor were targeted in February 2023 using ransomware. The FBI and CISA put the total number of compromised servers at 3,800 worldwide.

Targeted parties resided in multiple countries including the U.S., Canada, France, and Germany. The attack exploited a two-year-old vulnerability located in older versions of VMware ESXi, researchers said.

The vulnerability could be exploited to enable remote execution of code. VMware said that “the recent ESXiArgs ransomware attacks have highlighted important truths about protecting virtual infrastructure.”

The Cybersecurity & Infrastructure Security Agency and its mission

Founded in November 2018, the CISA, America’s Cyber Defense Agency, is positioned strategically to defend the U.S. against cyber threats. Currently, their “spotlight” is on AI and both the threat and benefits that AI can bring to the cybersecurity landscape.

According to CISA, its role is to “track and share information about the latest cybersecurity risks, attacks, and vulnerabilities, providing our nation with the tools and resources needed to defend against these threats.”

The statement continues saying, “CISA provides cybersecurity resources and best practices for businesses, government agencies, and other organizations.”

CISA’s role in protecting critical infrastructure (CI) is one of support to state, local, and industry partners by ‘identifying the critical infrastructure sectors and the essential workers needed to maintain the services and functions Americans depend on daily.’ Other resources that CISA offers to its partners include conducting cyber and physical exercises to enhance the security and resilience of CI.

“These exercises provide stakeholders with effective and practical mechanisms to identify best practices, lessons learned, and areas for improvement in plans and procedures,” the CISA website states. “These exercises may also inform future planning, technical assistance, training, and education efforts.”

 


Aaron Knowles has been writing news for more than 10 years, mostly working for the U.S. Military. He has traveled the world writing sports, gaming, technology and politics. Now a retired U.S. Service Member, he continues to serve the Military Community through his non-profit work.