C0020 Maroochy Water Breach
Maroochy Water Breach was an incident in 2000 where an adversary leveraged the local government’s wastewater control system and stolen engineering equipment to disrupt and eventually release 800,000 liters of raw sewage into the local community.
| Item | Value |
|---|---|
| ID | C0020 |
| Associated Names | |
| First Seen | February 2000 |
| Last Seen | April 2000 |
| Version | 1.0 |
| Created | 10 March 2023 |
| Last Modified | 05 April 2023 |
| Navigation Layer | View In ATT&CK® Navigator |
Techniques Used
| Domain | ID | Name | Use |
|---|---|---|---|
| ics | T0878 | Alarm Suppression | In the Maroochy Water Breach, the adversary suppressed alarm reporting to the central computer. |
| ics | T0879 | Damage to Property | In the Maroochy Water Breach, the adversary gained remote computer access to the control system and altered data so that whatever function should have occurred at affected pumping stations did not occur or occurred in a different way. This ultimately led to 800,000 liters of raw sewage being spilled out into the community. The raw sewage affected local parks, rivers, and even a local hotel. This resulted in harm to marine life and produced a sickening stench from the community’s affected rivers. |
| ics | T0813 | Denial of Control | In the Maroochy Water Breach, the adversary temporarily shut an investigator out of the network preventing them from issuing any controls. |
| ics | T0815 | Denial of View | In the Maroochy Water Breach, the adversary temporarily shut an investigator out of the network, preventing them from viewing the state of the system. |
| ics | T0822 | External Remote Services | In the Maroochy Water Breach, the adversary gained remote computer access to the system over radio. |
| ics | T0838 | Modify Alarm Settings | In the Maroochy Water Breach, the adversary disabled alarms at four pumping stations, preventing notifications to the central computer. |
| ics | T0836 | Modify Parameter | In the Maroochy Water Breach, the adversary gained remote computer access to the control system and altered data so that whatever function should have occurred at affected pumping stations did not occur or occurred in a different way. The software program installed in the laptop was one developed for changing configurations in the PDS computers. This ultimately led to 800,000 liters of raw sewage being spilled out into the community. |
| ics | T0848 | Rogue Master | In the Maroochy Water Breach, the adversary falsified network addresses in order to send false data and instructions to pumping stations. |
| ics | T0856 | Spoof Reporting Message | In the Maroochy Water Breach, the adversary used a dedicated analog two-way radio system to send false data and instructions to pumping stations and the central computer. |
| ics | T0864 | Transient Cyber Asset | In the Maroochy Water Breach, the adversary utilized a computer, possibly stolen, with proprietary engineering software to communicate with a wastewater system. |
| ics | T0855 | Unauthorized Command Message | In the Maroochy Water Breach, the adversary used a dedicated analog two-way radio system to send false data and instructions to pumping stations and the central computer. |
| ics | T0860 | Wireless Compromise | In the Maroochy Water Breach, the adversary used a two-way radio to communicate with and set the frequencies of Maroochy Shire’s repeater stations. |