In a recent event in the UK, hacker group “CL0P” announced that they had launched an attack on one of the biggest water suppliers in the UK. The ransomware gang claimed that they had stolen files, emails, driver’s licenses, and employee names from Thames Water, a privately owned company responsible for public water supply and wastewater treatment in Greater London. The water provider firm, however, revealed that the hacker had mistaken South Staff Water and South Staffordshire for Thames Water and had stolen data from a different supplier than them.
South Staffordshire Water speaks on the attack
The actual attack victim, South Staffordshire Water, acknowledged that its IT systems had been subjected to a cyberattack. The company stated in the announcement that the attack had only been able to affect its IT systems, and it will continue to supply water to its customers. The company claimed that their in-built systems could control the damage, and the operations weren’t harmed in any way. Additionally, the water supplier assured customers that all services would always be available and that there was no chance of prolonged disruptions due to the incident.
Did CL0P off beamed the cyberattack?
Though the ransomware gang claimed Thames Water as its victim, stating that they had acquired 5TB of data and even threatened to harm 15 million customers, the water supplier firm claims that CL0P’s allegations are invalid and are working at full capacity. To confirm the hack, the hacker group released a spreadsheet with usernames and passwords linked to South Staff Water and South Staffordshire.
Thus, the cybersecurity specialists and the alleged target company concluded that the attacker misidentified the victim and tried extorting financial gains from a different company. The firm also released a public statement on Tuesday: “We are aware of reports in the media that Thames Water is facing a cyber-attack. We want to reassure you that this is not the case, and we are sorry if the reports have caused distress.”
CL0P promptly changed the post’s error on the hacker forum and identified South Staffordshire Water as the actual target of the cyberattack.