- Iranian hackers accessed two Cal Water systems and leaked 5GB of data
- A poorly secured GPS tool gave attackers a direct path inside Cal Water
- Administrative credentials for seven California districts were published in plaintext online
Tehran-linked threat group Handala has claimed it successfully breached California Water Service and released a 5GB data dump as proof.
Cal Water is one of the largest investor-owned water utilities in the US, serving millions of residential and commercial customers across California.
Handala described the breach as direct retaliation for recent US military actions in Iran, claiming it could disrupt water access but deliberately chose not to — for now.
How a GPS tool became the entry point
Cybersecurity firm Dataminr analyzed the published data and identified two separate systems that Handala accessed during the breach.
The first was a customer billing database containing names, addresses, phone numbers, account numbers, and payment histories across multiple Cal Water districts.
The second was an internal RTKBase deployment — an open-source GPS base station platform used by field crews maintaining water infrastructure across California.
The RTKBase instance had been running continuously for roughly 783 hours at the time of access, with GPS correction data streaming across seven identified Cal Water districts.
These districts included Bakersfield, Chico, Salinas, Stockton, Visalia, San Mateo, and a regional engineering segment spread across California.
The researchers believe that the GPS platform was not the end goal — it was the entry point into deeper infrastructure.
The RTKBase web interface was reachable over plain HTTP on port 10000 across multiple district locations, making it simple for outside actors to find and access.
It was deployed on lightweight hardware that offered minimal resistance to unauthorized access from the internet.
Administrative credentials for the platform appeared in the published dump in plaintext, giving anyone who downloaded it immediate access to the entire system.
Full network infrastructure details for all seven districts were similarly exposed, leaving Cal Water's security team with virtually nothing intact to protect.
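The three weaknesses the report describes (a management interface reachable from outside the internal network, served over plain HTTP, with its credentials stored in plaintext) are the kind of thing a utility's security team can check for in its own asset inventory before an attacker does. The script below is an added example written for this article; it is not code from Dataminr, Cal Water or the RTKBase project. The inventory entries and the internal address ranges are constructed assumptions, and the addresses are documentation ranges, not real assets.

```python
import ipaddress
from dataclasses import dataclass

# The organisation's own internal address plan (assumed; RFC 1918 ranges as a stand-in).
INTERNAL_NETWORKS = [
    ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
]


@dataclass(frozen=True)
class Service:
    name: str                 # what the service is (e.g. an RTKBase web UI)
    host: str                 # address the listener is reachable on
    port: int
    scheme: str               # "http", "https" or a raw "tcp" stream
    auth_required: bool       # does the interface demand a login at all?
    creds_in_plaintext: bool  # are its credentials stored unencrypted in configs or backups?


def is_internal(host: str) -> bool:
    """True if the address falls inside the organisation's declared internal ranges."""
    addr = ipaddress.ip_address(host)
    return any(addr in net for net in INTERNAL_NETWORKS)


def audit_service(svc: Service) -> dict:
    """Return the exposure findings and an overall severity for one service."""
    findings = []
    if not is_internal(svc.host):
        findings.append("reachable-outside-internal-ranges")
    if svc.scheme == "http":
        findings.append("management-over-plaintext-http")
    if not svc.auth_required:
        findings.append("no-authentication")
    if svc.creds_in_plaintext:
        findings.append("credentials-stored-in-plaintext")

    externally_reachable = "reachable-outside-internal-ranges" in findings
    weaknesses = len(findings) - (1 if externally_reachable else 0)
    if externally_reachable and weaknesses:
        severity = "critical"  # an exposed interface with at least one weakness behind it
    elif externally_reachable or weaknesses:
        severity = "high"
    else:
        severity = "none"
    return {"severity": severity, "findings": findings}


def audit_inventory(services) -> dict:
    """Map 'name@host:port' to its audit result, keeping only services with findings."""
    report = {}
    for svc in services:
        result = audit_service(svc)
        if result["findings"]:
            report[f"{svc.name}@{svc.host}:{svc.port}"] = result
    return report


# Constructed sample inventory; the addresses are documentation ranges, not real assets.
SAMPLE_INVENTORY = [
    Service("rtkbase-web", "203.0.113.10", 10000, "http", True, True),
    Service("rtkbase-web", "10.20.0.5", 10000, "http", True, False),
    Service("billing-portal", "198.51.100.7", 443, "https", True, False),
    Service("ntrip-caster", "203.0.113.11", 2101, "tcp", False, False),
]

if __name__ == "__main__":
    for key, result in audit_inventory(SAMPLE_INVENTORY).items():
        print(f"{result['severity']:8} {key}: {', '.join(result['findings'])}")
```

The severity rule is deliberately simple: any interface reachable from outside the internal ranges that also has a weakness behind it (plaintext transport, no login, or stored plaintext credentials) is rated critical, because that is exactly the combination the report describes for the RTKBase web interface. A real inventory would come from the firewall and asset database rather than a hard-coded list, but the checks themselves do not change.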
A pattern that should concern every water utility
Handala's history makes the "chose not to disrupt" framing worth treating with considerable skepticism from any serious security perspective.
The group deployed a destructive wiper against Stryker in March 2026 that disrupted manufacturing and shipping — following the same data-theft-first pattern documented in this breach.
"Handala's operational pattern frequently involves an initial claim followed by escalated action," Dataminr's report concluded.
"Security teams should treat the current disclosure as a possible precursor to a destructive follow-on and posture accordingly."
The US Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory this year warning of Iranian groups targeting US water sector technologies.
This breach is a signal that Iranian cyber threats to US water infrastructure are no longer theoretical.
Cal Water has not publicly acknowledged the breach, but affected customers now face elevated phishing risks given that their names, addresses, phone numbers, and account details are publicly available.
Via Security Affairs