National Cyber Warfare Foundation (NCWF)

SCADA Hacking: Inside Russian Facilities, Part 4

2025-09-10 02:04:18
milo
Red Team (CNA)

The post SCADA Hacking: Inside Russian Facilities, Part 4 first appeared on Hackers Arise.

Part 4 – Cyber Cossacks Ops

Welcome back, cyberwarriors. In Part 4 we dig deeper into operations by The Cyber Cossacks alongside other Ukrainian hacker units. We’ll expand on the companies we hit, their backgrounds and how we exploited their SCADA environments.

Golfstream – St. Petersburg, Russia

OOO Golfstream is one of the leading housing and utilities integrators in St. Petersburg. They hold long-term service contracts with multiple municipal districts: Vasileostrovsky, Petrogradsky, and Krasnogvardeysky. Their core services include district heating management, central pump station monitoring, pressure regulation, and emergency response valves in hundreds of residential complexes and several municipal office buildings. Golfstream’s annual revenue exceeds 1.2 billion rubles, and they maintain service-level agreements guaranteeing at least 99 percent heating uptime.

In December, we pivoted into the internal SCADA VLAN using a workstation that had outbound SMB access. Then, we crafted a script to override boiler ignition commands, shutting down circulation pumps one district at a time. Over three consecutive nights, residential temperatures dipped below 5 °C.

Human-Machine Interface screen from the heating system

Their IT team spent hours chasing network errors. On the fourth day, before our final shutdown, we encrypted OS volumes on all SCADA hosts. Boiler control HMIs failed to start, leaving many without heat. The total financial loss, including emergency generators and housing compensation, is yet unknown.

Boiler System Overview

Water Utility – Drozhannoe, Republic of Tatarstan

Drozhannoe is a rural settlement located 90 km northeast of Kazan. The local economy revolves around grain farming, dairy production, and small-scale poultry operations. The village council outsources the management of water wells to an external utility company.

The Drozhannoe water system relies on a few aging control devices running outdated software. Data from the system, such as water flow and treatment levels, is sent to a basic interface with limited security.

Liquid storage and pumping control system with the chlorine pump (shown with the X) off

After gaining access to it, we modified dosing parameters, shutting off the chlorine pump. Our goal was bacterial contamination that would force the council to close wells and distribute bottled water from Kazan. Seeing the service provider trying to fix this issue, we wiped the system along with the hard drives that stored backups.

Polykod – Moscow, Russia

Polykod is a mid-sized engineering firm with 450 employees and annual revenue of 3 billion rubles. They specialize in SCADA and DCS systems for oil and gas clients, including major projects for Gazprom, Lukoil, and Tatneft. Their portfolio has remote well monitoring, pipeline pump station automation, and compressor station control across Siberia and the Volga region. The company maintains their network operations center in Moscow’s Presnensky District.

During reconnaissance on Shodan, we found Polykod running outdated software with an authentication bypass. We exploited that to drop a stager, then harvested service account hashes used across their environment. With those hashes, we gained access to a few SCADA servers and moved laterally through the corporate network. In just a few days, we were able to connect to and interact with four computer systems at distant drilling sites.

3D geological model showing well placements

When we got into the system, we changed the settings that control how fast the pumps run. This caused sudden spikes in pressure, which triggered safety systems to shut things down. The drilling teams saw pumps stopping for no clear reason and had to deal with emergency shutdowns. Alarms went off, and engineers had to take over control manually. The goal was simply to cause havoc. Then one morning, we erased key control servers and installed ransomware that locked out both Polykod employees and their clients.

Pump management showing pressure rates

Drilling rig monitoring system showing RPM at 0

Conclusion

Essential services like water, heating, and oil rely on SCADA systems that, if compromised, can shut down communities or disrupt energy supplies. Thankfully, Russians don’t bother with enforcing regular updates, better network design and constant monitoring, so these systems will stay vulnerable to future attacks.


Source: HackersArise
Source Link: https://hackers-arise.com/scada-hacking-inside-russian-facilities-part-4/

Copyright 2012 through 2025 - National Cyber Warfare Foundation - All rights reserved worldwide.