Security News > 2022 > August > Hackers attack UK water supplier but extort wrong victim

As the announcement explains, the safety and water distribution systems are still operational, so the disruption of the IT systems doesn't impact the supply of safe water to its customers or those of its subsidiaries, Cambridge Water and South Staffs Water.

The Clop ransomware gang claimed Thames Water as their victim via an announcement on their onion site today, alleging to have accessed SCADA systems they could manipulate to cause harm to 15 million customers.

Thames Water is UK's largest water supplier and wastewater treatment provider, serving Greater London and areas surrounding river Thames.

The hackers allege to have informed Thames Water of its network security inadequacies and claim that they acted responsibly by not encrypting their data and only exfiltrating 5TB from the compromised systems.

One key detail in the case is that among the published evidence, Clop presents a spreadsheet with usernames and passwords, which features South Staff Water and South Staffordshire email addresses.

This attack comes during dire drought times for UK consumers, with eight areas in the country imposing water ration policies and hosepipe bans.

News URL

https://www.bleepingcomputer.com/news/security/hackers-attack-uk-water-supplier-but-extort-wrong-victim/