Skip to content

C0020 Maroochy Water Breach

Maroochy Water Breach was an incident in 2000 where an adversary leveraged the local government’s wastewater control system and stolen engineering equipment to disrupt and eventually release 800,000 liters of raw sewage into the local community.1

Item Value
ID C0020
Associated Names
First Seen February 2000
Last Seen April 2000
Version 1.0
Created 10 March 2023
Last Modified 05 April 2023
Navigation Layer View In ATT&CK® Navigator

Techniques Used

Domain ID Name Use
ics T0878 Alarm Suppression In the Maroochy Water Breach, the adversary suppressed alarm reporting to the central computer.1
ics T0879 Damage to Property In the Maroochy Water Breach, the adversary gained remote computer access to the control system and altered data so that whatever function should have occurred at affected pumping stations did not occur or occurred in a different way. This ultimately led to 800,000 liters of raw sewage being spilled out into the community. The raw sewage affected local parks, rivers, and even a local hotel. This resulted in harm to marine life and produced a sickening stench from the community’s affected rivers.1
ics T0813 Denial of Control In the Maroochy Water Breach, the adversary temporarily shut an investigator out of the network preventing them from issuing any controls.1
ics T0815 Denial of View In the Maroochy Water Breach, the adversary temporarily shut an investigator out of the network, preventing them from viewing the state of the system.1
ics T0822 External Remote Services In the Maroochy Water Breach, the adversary gained remote computer access to the system over radio.1
ics T0838 Modify Alarm Settings In the Maroochy Water Breach, the adversary disabled alarms at four pumping stations, preventing notifications to the central computer.1
ics T0836 Modify Parameter In the Maroochy Water Breach, the adversary gained remote computer access to the control system and altered data so that whatever function should have occurred at affected pumping stations did not occur or occurred in a different way. The software program installed in the laptop was one developed for changing configurations in the PDS computers. This ultimately led to 800,000 liters of raw sewage being spilled out into the community.1
ics T0848 Rogue Master In the Maroochy Water Breach, the adversary falsified network addresses in order to send false data and instructions to pumping stations.1
ics T0856 Spoof Reporting Message In the Maroochy Water Breach, the adversary used a dedicated analog two-way radio system to send false data and instructions to pumping stations and the central computer.1
ics T0864 Transient Cyber Asset In the Maroochy Water Breach, the adversary utilized a computer, possibly stolen, with proprietary engineering software to communicate with a wastewater system.1
ics T0855 Unauthorized Command Message In the Maroochy Water Breach, the adversary used a dedicated analog two-way radio system to send false data and instructions to pumping stations and the central computer.1
ics T0860 Wireless Compromise In the Maroochy Water Breach, the adversary used a two-way radio to communicate with and set the frequencies of Maroochy Shire’s repeater stations.1

References