| The Record from Recorded Future News
therecord.media
Alexander Martin
November 3rd, 2025

The U.K.'s water suppliers have reported five cyberattacks since January 2024, according to information reviewed by Recorded Future News. The incidents did not affect the safety of water supplies, but they highlight an increasing threat.

None of the attacks impacted the safe supply of drinking water itself, but instead affected the organizations behind those supplies. The incidents, a record number in any two-year period, highlight what British intelligence warns is an increasing threat posed by malicious cyber actors to the country’s critical infrastructure.

The data shared by the Drinking Water Inspectorate (DWI) showed the watchdog received 15 reports from suppliers between January 1, 2024, and October 20, 2025. These were sent under the NIS Regulations, which is just one part of the extensive legal framework governing the security of drinking water systems in Britain.

Of these reports, five regarded cybersecurity incidents affecting what the DWI called “out-of-NIS-scope systems” with the others being non-cyber operational issues. Further details of the 15 reports were not shared with Recorded Future News..

Currently, the NIS Regulations limit formally reportable cyber incidents to those that actually result in disruption to an essential service. If British infrastructure suppliers were impacted by hacks such as the pre-positioning campaign tracked as Volt Typhoon, suppliers would not have a legal duty to disclose them.

DWI said the five incidents that were disclosed to the watchdog were shared for information purposes because they were considered to be “related to water supply resilience risks.”

British officials are expected to try to amend this high bar for reporting when the government updates those laws through the much-delayed Cyber Security and Resilience Bill, when it is finally introduced to Parliament later this year.

A government spokesperson said: “The Cyber threats we face are sophisticated, relentless and costly. Our Cyber Security and Resilience Bill will be introduced to Parliament this year and is designed to strengthen our cyber defences — protecting the services the public rely on so they can go about their normal lives.”

Five reports better than none
That the reports were made despite not being required by the NIS Regulations was a positive sign, said Don Smith, vice president threat research at Sophos.

“Critical infrastructure providers, like any modern connected enterprise, are subject to attacks from criminal actors daily. It is no surprise that security incidents do occur within these enterprises, despite the compliance regimes that they’re subjected to,” Smith told Recorded Future News when asked about the data.

“I think we should be encouraged that these reports were shared outside of the scope of the NIS Regulations. It is very useful for critical infrastructure operators to understand the nature of these attacks, both in the case of commodity threats and if there’s an advanced adversary operating, and a culture of information sharing helps widen everyone’s aperture.”

Although there have been ransomware attacks against the IT office systems used by water companies — including on South Staffs Water in the U.K. and Aigües de Mataró in Spain — it is extremely rare for cyberattacks on water suppliers to actually disrupt supplies.

In one rare case of a successful attack on an OT (operational technology) component, residents of a remote area on Ireland’s west coast were left without water for several days in December 2023 when a pro-Iran hacking group indiscriminately targeted facilities using a piece of equipment the hackers complained was made in Israel.

The U.S. federal government had issued a warning about the exploitation of Unitronics programmable logic controllers (PLCs) used by many organizations in the water sector. Attacks on PLCs, core technology components in a lot of industrial control systems, are one of the main concerns of critical infrastructure defenders.

Initiatives to improve the security of water systems in the United States faltered under the Biden administration when water industry groups partnered with Republican lawmakers to put a halt to the federal efforts, despite significant increases in the number of ransomware attacks and state-sponsored intrusions.

Last week, Canadian authorities warned of an incident in which hacktivists changed the water pressure at one local utility among a spate of attacks interfering with industrial control systems.

Britain's National Cyber Security Centre encourages critical infrastructure providers to ensure they have properly segmented their business IT systems and their OT systems to reduce the impact of any cyber intrusion. In August, the agency released a new Cyber Assessments Framework to help organizations improve their resilience.

“Commodity rather than targeted attacks remain the most likely threat to impact critical infrastructure providers. The messaging I pass to CISOs and the people managing risk in these organizations is to worry about defending from the everyday as opposed to defending from the exotic,” said Smith.

“They’re expected to do both, but the much bigger risk is that we end up with a major piece of our CNI knocked offline because of a ransomware attack. I worry about people thinking about investing huge amounts in monitoring esoteric systems when they’re actually not protecting themselves from the basics.”

The Council today decided to impose additional restrictive measures against 21 individuals and 6 entities responsible for Russia’s destabilising actions abroad.

The Council has also broadened the scope to allow the EU to target tangible assets linked to Russia’s destabilising activities, such as vessels, aircraft, real estate, and physical elements of digital and communication networks, as well as transactions of credit institutions, financial institutions and entities providing crypto-assets services that directly or indirectly facilitate Russia’s destabilising activities.

Furthermore, in light of the systematic, international Russian campaign of media manipulation and distortion of facts aimed at destabilising neighbouring countries and the EU, the Council will now have the possibility to suspend the broadcasting licences of Russian media outlets under the control of the Russian leadership, and to prohibit them from broadcasting their content in the EU.

In line with the Charter of Fundamental Rights, the measures agreed today will not prevent the targeted media outlets and their staff from carrying out activities in the EU other than broadcasting, e.g. research and interviews.

Today’s listings include Viktor Medvedchuk, a former Ukrainian politician and businessman who, through his associates Artem Marchevskyi and Oleg Voloshin also listed today, controlled Ukrainian media outlets and used them to disseminate pro-Russian propaganda in Ukraine and beyond. Through secret financing of the “Voice of Europe” media channel - also listed today - and his political platform “Another Ukraine”, Medvedchuk has promoted policies and actions intended to erode the legitimacy and credibility of the government of Ukraine, in direct support of the foreign policy interests of the Russian Federation and disseminating pro-Russian propaganda.

Following news of cyber incidents impacting UK retailers, the NCSC can confirm it is working with organisations affected.

NCSC CEO Dr Richard Horne said:

“The disruption caused by the recent incidents impacting the retail sector are naturally a cause for concern to those businesses affected, their customers and the public.

“The NCSC continues to work closely with organisations that have reported incidents to us to fully understand the nature of these attacks and to provide expert advice to the wider sector based on the threat picture.

“These incidents should act as a wake-up call to all organisations. I urge leaders to follow the advice on the NCSC website to ensure they have appropriate measures in place to help prevent attacks and respond and recover effectively.”

China on Tuesday accused three alleged employees of the U.S. National Security Agency of carrying out cyberattacks on the Asian Winter Games in February.

The group, known as the Holy League, is said to be made up of around 90 hacktivist collectives united by opposition to Western liberal values

Pro-Russian and pro-Palestinian hacktivist groups share a common adversary in France, leading to coordinated cyberattacks against the country.

Inexpensive information-stealing malware surged in 2024, infecting 23 million hosts, according to Flashpoint.

A Chinese threat actor infiltrated several IT and security companies in a bring-your-own VS code, with an eye to carrying out a supply-chain-based espionage attack.

The hacking group's X account shared videos comparing Xi Jinping to an emperor and others commemorating the 1989 Tiananmen Square demonstrations.

Please don’t, actually. But do update your Shimano Di2 shifters’ software to prevent a new radio-based form of cycling sabotage.
#bicycles #cyberattacks #cybersecurity #cycling #fitness #hacks #security

Russia, which hasn’t been invited to the summit, has repeatedly called it “meaningless and harmful.” Swiss officials did not provide more details about the reported cyberattacks.

Cyber Army of Russia Reborn, a group with ties to the Kremlin’s Sandworm unit, is crossing lines even that notorious cyberwarfare unit wouldn’t dare to.

Cyber attacks hit the Assembly of the Republic of Albania and telecom company One Albania, a government agency reported.

Data shows hackers stole around $2 billion in crypto this year, according to data analyzed by blockchain security firms.

The British government accused a unit of Russia’s Federal Security Service (FSB) on Thursday of using cyberattacks in a “sustained but unsuccessful” campaign to undermine democratic institutions in the country.

Roughly 78% of healthcare organizations fell victim to a cyberattack over the past year and 60% of the incidents impacted care delivery

Absentee voters flooded social media to express their frustration at not being able to cast votes through an online system created by the government.

Canada's domestic food production system may actually be one of the most glaring cracks in Canada's national defences.
...
Attacking agricultural infrastructure has proven to be an effective part of the Russian playbook so far in its invasion of Ukraine. In June 2022, EU trade counsellor Maud Labat said Moscow has figured out how to wield food as a “geopolitical weapon.”

Microsoft has revoked several Chardware developer accounts after drivers signed through their profiles were used in cyberattacks, including ransomware incidents.

A majority of 5G network operators experienced up to six cyber incidents in the past year. Defenses are especially lacking for ransomware and phishing attacks.