NATION-STATE actors, particularly from Iran, Russia, and China, are increasingly targeting water systems worldwide, leveraging weak passwords and exposed PLCs rather than sophisticated malware. Research from DomainTools highlights that these attacks, dating back to 2024, often aim to create public fear rather than cause immediate harm. Iran’s tactics are typically opportunistic, focusing on propaganda, while Russia engages in more direct sabotage, as seen in a Texas incident where a water tank overflowed.
China's Volt Typhoon group poses a long-term threat, pre-positioning access for potential conflicts. All actors exploit similar vulnerabilities, stressing the need for improved cybersecurity measures within water infrastructure.