ICS/OT

Cal Water Says No OT Systems Breached in Iranian Handala Cyberattack

Mandiant has helped the California water utility investigate the cyberattack launched by Iranian hacker group Handala.

Water utility hack

The investigation conducted by California Water Service (Cal Water) into the recent cyberattack claimed by the Iranian hacker group Handala found no evidence of activity in the water utility’s operational technology (OT) environment.

Handala, which claims to be a hacktivist collective but is widely believed to be a front for Iranian government hacking operations, said it could have disrupted the water supply after gaining access to Cal Water systems but decided not to do so. The statement suggested that the hackers had gained deep access to industrial control systems (ICS).

The threat actor leaked 5 GB of data allegedly taken from Cal Water systems. Cybersecurity analysts discovered personal information in the published files and found evidence that a customer billing system and an internal application may have been compromised.

SecurityWeek ICS Cybersecurity Conference Heads to Nashville for Special 25-Year Anniversary Edition

Cal Water, one of the largest investor-owned water utilities in the United States, has hired cybersecurity experts, including Google’s Mandiant unit, to assist with the investigation into the cybersecurity incident. 

In a statement to SecurityWeek, Cal Water said, “Based on its investigation, Mandiant has confirmed that the threat actor activity was limited to unauthorized access to a small number of specific user accounts within two third-party service provider platforms.”

Advertisement. Scroll to continue reading.

It added, “Mandiant did not identify evidence of threat actor activity in Cal Water’s internal information technology or operational technology environments.”

“The investigation determined that the threat actor accessed one active customer’s online Cal Water account using stolen user credentials. The customer account did not provide access to the billing system, and no payment information was compromised. The threat actor also accessed an external, third-party web site related to a GPS location correction tool; however, the website does not contain any confidential or sensitive information.”

The organization concluded, “We appreciate the collaboration and support our state and federal government partners provided throughout the investigation, and we will continue to work to maintain the security of our systems and data from malicious actors.”

The water sector continues to be a prime target for threat actors due to its heavy reliance on legacy systems and often inadequate cybersecurity measures.

Related: Lantronix Serial-to-IP Converter Flaw Exploited in Attacks After OT Threat Warning

Related: Accenture to Acquire Majority Stake in Dragos, All of runZero, NetRise in $4.1 Billion OT Cybersecurity Push

Related: Siemens Says Desigo CC Files Flagged as Malware by Security Engines

Related Content

ICS/OT

CISA has added the remote code execution flaw CVE-2026-12569 to its Known Exploited Vulnerabilities catalog.

ICS/OT

The exploited flaw, CVE-2025-67038, is one of the vulnerabilities disclosed in April as part of the BRIDGE:BREAK research project.

ICS/OT

The 2026 Industrial Control Systems (ICS) Cybersecurity Conference takes place October 6-8, 2026, at the W Nashville.

Artificial Intelligence

Named EmberAI, the new capability is built on Dragos’ massive operational technology cybersecurity dataset.

ICS/OT

California Water Service says there is no indication of operational disruptions to its water and wastewater systems. 

Ransomware

Mackay Sugar was targeted in a cyberattack carried out by a threat group known as The Gentlemen.

Data Breaches

Someone posted fake VRChat and Discord data breach reports on the system, prompting the Maine AG to take action.

ICS/OT

The hackers published 5GB of data, including customer personal information and credentials for the RTKBase platform.

Copyright © 2026 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.

Exit mobile version