The US, UK, and Canadian security agencies issued an alert warning about pro-Russia hacktivists causing disruptions in operational technology (OT) facilities by targeting small-scale OT systems in sectors like water and wastewater, dams, energy, and agriculture. The hacktivists exploited vulnerabilities in VNC remote access software and weak passwords on human-machine interfaces, manipulating settings in OT equipment to exceed normal operations. In response, the security agencies provided a list of mitigations including disconnecting devices from public-facing internet, implementing multi-factor authentication, changing default passwords, updating software, creating backups, and building resilience by regular scanning and testing
Additionally, UK organizations were recommended to use the NCSC's Early Warning service, while US-based operators were advised to contact their regional CISA office for assessment on posture. https://www.infosecurity-magazine.com/news/us-uk-warn-disruptive-russian-ot/