SunWater is one of the state’s largest regional providers.
One of Australia’s largest regional water suppliers was breached for nine months before detecting the unauthorized access.
SunWater is an Australian government-owned water supplier responsible for operating 19 major dams, 80 pumping stations, and 1,600 miles long pipelines. It is one of the state’s largest regional providers.
According to the annual financial audit report that was published by the Queensland Audit Office, SunWater was breached for nine months, with the actors remaining undetected the entire time.
The breach has occurred between August 2020 and May 2021 and the threat actors targeted an older and more vulnerable version of the system.
The web server that stores customer information contained suspicious files that increased visitor traffic to an online video platform.
This breach appears to have been caused by financially motivated cyber-criminals, and no customers are impacted.
The auditor explained that it had taken corrective measures, including patching, more robust password practices, and network monitoring.
As entities use more cloud-based services, cyber risk vulnerabilities and exposures must be continuously assessed. Utility providers are increasingly being targeted by more concerning attacks designed to cause service disruption and even harm citizens.