The Iran-linked threat actor Handala this week boasted of having hacked California Water Service (Cal Water), and published 5 gigabytes of data allegedly stolen from the US water utility.
In a post on their blog, the hacking group said the intrusion was retaliation for recent US actions in Iran and claimed they had the ability to disrupt water access but chose not to.
While the level of access Handala had has not been confirmed, threat intelligence company Dataminr says the threat actor likely hacked into Cal Water’s RTKBase instance, a GNSS base station platform, and then moved laterally to a billing system.
Cal Water is one of the largest investor-owned water utilities in the US, with roughly two million customers across 100 communities in California.
The cybersecurity firm says that Cal Water’s Chico District has been confirmed as the victim of the attack. Data leaked by Handala shows it likely accessed a customer billing database and Cal Water’s internal RTKBase application.









