In an unexpected twist, a relatively new pro-Russian hacktivist group, TwoNet, recently found itself tricked into attacking a decoy target. The group, known for its cyber activities, breached what it believed was a real Dutch water facility. It managed to log in using default credentials and exploited a vulnerability to deface the website. But here’s where it gets interesting – the facility was fake!
The website and infrastructure were all part of an elaborate ruse set up by cybersecurity researchers at Forescout. They created a ‘honeypot’ – a trap designed to lure cybercriminals into revealing their tactics, techniques, and procedures (TTPs). After successfully breaching the fake facility, TwoNet took to its Telegram channel to boast about the accomplishment, only to find out it had been tricked.
This isn’t the first time hackers have fallen for such traps. Last year, a fake healthcare clinic also caught a few threat actors. However, this is the first time hackers have publicly claimed to have breached something that wasn’t real. “Groups moving from DDoS/defacement to OT/ICS often misread targets, trip over honeypots, or over-claim,” the researchers explained.
Cybercriminals are increasingly targeting critical infrastructure organizations, like water and wastewater treatment facilities, power plants, and data centers. Most of the time, these are ransomware actors aiming to force companies to pay a ransom to avoid operational downtime. In some cases, the attackers are state-sponsored, with motives ranging from cyber-espionage to setting up potential ‘kill-switches’.
So, while TwoNet might have thought they’d scored a big win, they’ve actually provided valuable insights into their tactics. Stay tuned for more updates on the ever-evolving world of cybersecurity!



