Poland says hackers breached water treatment plants, and the US is facing the same threat
Poland says hackers breached water treatment plants, and the US is facing the same threat
波兰称黑客入侵了水处理厂,美国正面临同样的威胁
Poland’s intelligence service said it detected attacks on five water treatment plants where hackers could have taken control of the industrial equipment inside, including, in the worst case, tampering with the safety of the water supply. The story is relevant beyond Poland’s borders: U.S. water infrastructure has faced similar threats in recent years. 波兰情报部门表示,他们检测到针对五家水处理厂的攻击,黑客可能已经控制了其中的工业设备,在最坏的情况下,甚至可能篡改供水安全。这一事件的影响超出了波兰的国界:近年来,美国的供水基础设施也面临着类似的威胁。
In 2021, a hacker briefly gained access to a water treatment plant in Oldsmar, Florida and attempted to increase the level of sodium hydroxide — a caustic chemical — to dangerous levels. The FBI and the U.S. Cybersecurity and Infrastructure Security Agency have since warned that water utilities remain a soft target for foreign hackers. 2021年,一名黑客曾短暂入侵佛罗里达州奥兹马尔(Oldsmar)的一家水处理厂,并试图将氢氧化钠(一种腐蚀性化学品)的含量提高到危险水平。此后,美国联邦调查局(FBI)和美国网络安全与基础设施安全局(CISA)警告称,供水设施仍然是外国黑客容易攻击的目标。
On Friday, Poland’s Internal Security Agency, the country’s top intelligence agency, published a report covering the last two years of the agency’s operations and threats the country faced. The report said Polish intelligence thwarted multiple acts of sabotage from Russian government spies and hackers, who targeted military facilities, critical infrastructure (essential systems such as power grids, water supplies, and transportation networks), as well as civilian targets. These attacks, according to the report, may have resulted in fatalities. 周五,波兰最高情报机构——波兰国内安全局发布了一份报告,涵盖了该机构过去两年的行动以及波兰所面临的威胁。报告称,波兰情报部门挫败了来自俄罗斯政府间谍和黑客的多起破坏活动,这些攻击目标包括军事设施、关键基础设施(如电网、供水和交通网络等重要系统)以及民用目标。报告指出,这些攻击可能已经造成了人员伤亡。
“The most serious challenge remains the sabotage activity against Poland, inspired and organized by Russian intelligence services. This threat was (and is) real and immediate. It requires full mobilization,” read the report. 报告写道:“最严峻的挑战仍然是针对波兰的破坏活动,这些活动是由俄罗斯情报部门策划和组织的。这种威胁过去是、现在仍然是真实且迫在眉睫的。这需要全面动员。”
The report did not specify whether the hackers behind the attacks on the water treatment facilities were Russian government spies. But Poland has recently been the target of several attempts by Russian government hackers to attack its infrastructure, including a failed attempt to bring down the country’s energy grid. That breach was later attributed to poor security controls at the targeted facilities. 报告并未明确指出针对水处理设施的黑客是否为俄罗斯政府间谍。但波兰近期已多次成为俄罗斯政府黑客攻击其基础设施的目标,包括一次试图瘫痪该国电网的失败行动。那次入侵后来被归咎于目标设施的安全控制不力。
Poland’s experience is part of a growing global pattern of attacks on water and energy infrastructure. As recently as last month, a joint advisory from the Cybersecurity and Infrastructure Security Agency, the FBI, the NSA, and several other federal agencies warned that Iranian-backed hackers are actively targeting programmable logic controllers — the industrial computers that run water and energy facilities — at U.S. utilities. 波兰的遭遇是全球范围内针对水利和能源基础设施攻击日益增多的一个缩影。就在上个月,美国网络安全与基础设施安全局、联邦调查局、国家安全局及其他几个联邦机构联合发布预警,称伊朗支持的黑客正在积极针对美国公用事业设施中的可编程逻辑控制器(运行水利和能源设施的工业计算机)进行攻击。
The same Iranian hacking group, CyberAv3ngers, previously broke into digital control panels at multiple U.S. water treatment plants in Pennsylvania in 2023, in attacks that federal agencies linked to escalating hostilities in the Middle East. 同一个伊朗黑客组织“CyberAv3ngers”曾在2023年入侵了宾夕法尼亚州多家美国水处理厂的数字控制面板,联邦机构将这些攻击与中东地区不断升级的敌对行动联系起来。
In other words, the attacks against Poland are not unique, they follow a strategy that the Russian government is applying both in war zones such as Ukraine, as well as against Western countries that it sees as longstanding enemies. The plan, according to Polish intelligence, is to destabilize and weaken the West, and cyberattacks and cyberespionage are just tools in a larger toolkit for Putin’s regime. 换句话说,针对波兰的攻击并非个例,它们遵循的是俄罗斯政府在乌克兰等战区以及针对其视为长期敌人的西方国家所采取的战略。据波兰情报部门称,该计划旨在破坏和削弱西方,而网络攻击和网络间谍活动只是普京政权更大工具箱中的一部分。