(TLP:CLEAR) Canada’s Cyber Centre Warns of Internet-Accessible ICS Abused by Hacktivists, Water Facility Breach
Created: Thursday, October 30, 2025 - 13:38
Categories: Cybersecurity, OT-ICS Security, Security Preparedness
Summary: Yesterday, the Canadian Centre for Cyber Security (CCCS) issued an alert titled “Internet-accessible industrial control systems (ICS) abused by hacktivists.” The alert raises awareness of a recently identified cyber threat that may impact cyber information assets and provides additional detection and mitigation advice to recipients.
CCCS notes that it has received multiple reports of incidents involving internet-accessible ICS in recent weeks. In one such incident, a Canadian water facility was breached by threat actors who tampered with water pressure values, resulting in degraded service for its community. While CCCS did not provide specific details as to the precise nature of this incident, it does offer suggested actions that critical infrastructure owners and operators can take to mitigate threats from hacktivists and other similar threat actors.
Analyst Note: As highlighted in WaterISAC’s latest annual Threat Analysis Report (which was released this week), the ongoing threat of hacktivism appears to be expanding and shifting toward more advanced capabilities. This includes moving beyond website defacement and distributed-denial-of-service (DDoS) attacks toward more sophisticated data leaks and disruption of cyber-physical systems, as indicated by Forescout. The recent activity observed by CCCS certainly supports these findings: “hacktivists are increasingly exploiting internet-accessible ICS devices to gain media attention, discredit organizations, and undermine Canada’s reputation.”
WaterISAC encourages members to review the CCCS alert and to include the suggested actions in efforts to mitigate hacktivist and other similar attacks. Additionally, members are encouraged to follow the previous guidance from CISA – Defending OT Operations Against Ongoing Pro-Russia Hacktivist Activity.
Original Source: https://www.cyber.gc.ca/en/alerts-advisories/al25-016-internet-accessible-industrial-control-systems-ics-abused-hacktivists
Additional Reading:
- Canada Says Hackers Tampered With ICS at Water Facility, Oil and Gas Firm
- (TLP:AMBER) Pro-Russian Hacktivists Claim Access to Water Infrastructure in the U.S. and Abroad
Mitigation Recommendations:
- CISA and Partners Release Fact Sheet on Defending OT Operations Against Ongoing Pro-Russia Hacktivist Activity
- Security considerations for industrial control systems
Related WaterISAC PIRs: 6, 7, 7.1, 9, 12