Hackers Attack UK Water Supplier, Send Ransom Demand to the Wrong Company

Hackers infiltrated the corporate side of a utility that supplies water to about 1.3 million people in the United Kingdom. However, the apparent data breach may not have been the one the cyber-criminals were aiming for.

Ransomware gang ClOP (previously responsible for one of 2021’s biggest hacks) claimed to have infiltrated Thames Water, the United Kingdom’s largest drinking water utility, on Monday, according to a report from Bleeping Computer. However, the utility denied any breach of its system. Meanwhile, another UK utility, South Staffordshire Water, confirmed it was attacked.

Thames Water services 15 million people, more than ten times the scale of South Staffordshire. So, although any attack on a public utility is clearly bad, there’s a big difference between the scale of what ClOP claimed and what utilities copped to.

Screenshot of Thames Water tweets

Hackers’ Claims Against Utilities

South Staffordshire PLC (the parent company of South Staffordshire Water) admitted its corporate IT network had been accessed by hackers, in a public statement published Monday. However, SSW didn’t indicate that they’d been contacted for ransom. “We are experiencing disruption to our corporate IT network and our teams are working to resolve this as quickly as possible. It is important to stress that our customer service teams are operating as usual,” the company wrote. The water provider further claimed that “this incident has not affected our ability to supply safe water.”

Aside from the company statements, evidence of the reported cyber-criminal confusion appeared in screenshots that Bleeping Computer published from ClOP’s Tor site. The cyber gang reportedly wrote that they had breached and “spent months in” Thames Water’s system. However, to back up their hack success, they posted email lists clearly associated with South Staffordshire Water (not Thames)…