Mandiant: Notorious Russian hacking unit linked to breach of Texas water facility | CyberScoop<\/title> <meta name=\"description\" content=\"Researchers from the Google-owned firm conclude that Sandworm personas are linked to several recent attacks on critical infrastructure. \"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/sandworm-apt44-texas-water-facility\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Mandiant: Notorious Russian hacking unit linked to breach of Texas water facility\"> <meta property=\"og:description\" content=\"Researchers from the Google-owned firm conclude that Sandworm personas are linked to several recent attacks on critical infrastructure. \"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/sandworm-apt44-texas-water-facility\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:published_time\" content=\"2024-04-17T16:41:23+00:00\"> <meta property=\"article:modified_time\" content=\"2024-04-17T16:48:18+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/mandiant-notorious-russian-hacking-unit-linked-to-breach-of-texas-water-facility-1.jpg\"> <meta property=\"og:image:width\" content=\"1920\"> <meta property=\"og:image:height\" content=\"1280\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"AJ Vicens\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@AJVicens\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1712700738g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress-next\/dist\/css\/related-posts-block-styles.min.css?m=1713212360g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1711866546g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=74528d75ce0daeb8628a\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/80164\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.5.2\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=80164\">\n<link rel=\"alternate\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fsandworm-apt44-texas-water-facility%2F\">\n<link rel=\"alternate\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fsandworm-apt44-texas-water-facility%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"post-template-default single single-post postid-80164 single-format-standard\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/sandworm-apt44-texas-water-facility\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"24.120145631068\">\n<div class=\"single-article__header-content\" readability=\"29.523131672598\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/news\/geopolitics\/\"> <span>Geopolitics<\/span> <\/a> <\/li>\n<\/ul>\n<p> Researchers from the Google-owned firm conclude that Sandworm personas are linked to several recent attacks on critical infrastructure. <\/p>\n<\/p><\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"426\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/mandiant-notorious-russian-hacking-unit-linked-to-breach-of-texas-water-facility.jpg?resize=640%2C426&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/mandiant-notorious-russian-hacking-unit-linked-to-breach-of-texas-water-facility-1.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/mandiant-notorious-russian-hacking-unit-linked-to-breach-of-texas-water-facility-1.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/mandiant-notorious-russian-hacking-unit-linked-to-breach-of-texas-water-facility-1.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/mandiant-notorious-russian-hacking-unit-linked-to-breach-of-texas-water-facility-1.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/mandiant-notorious-russian-hacking-unit-linked-to-breach-of-texas-water-facility-1.jpg?resize=1536,1024 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/mandiant-notorious-russian-hacking-unit-linked-to-breach-of-texas-water-facility-1.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/mandiant-notorious-russian-hacking-unit-linked-to-breach-of-texas-water-facility-1.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/mandiant-notorious-russian-hacking-unit-linked-to-breach-of-texas-water-facility-1.jpg?resize=506,337 506w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/mandiant-notorious-russian-hacking-unit-linked-to-breach-of-texas-water-facility-1.jpg?resize=1013,675 1013w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/mandiant-notorious-russian-hacking-unit-linked-to-breach-of-texas-water-facility-1.jpg?resize=1265,843 1265w\" sizes=\"(max-width: 1013px) 100vw, 1013px\"><figcaption> The Russian flag flies at the embassy’s compound in Washington, DC, on April 15, 2021. (Photo by MANDEL NGAN\/AFP via Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"60.578087581252\"><body readability=\"122.38343236631\"><\/p>\n<p>The potent and enduring Russian military intelligence hacking operation known as Sandworm was likely responsible for attacks on water utilities in the United States, Poland and a small water mill in France, researchers with <a href=\"https:\/\/cloud.google.com\/blog\/topics\/threat-intelligence\/apt44-unearthing-sandworm\">Google\u2019s Mandiant said Wednesday<\/a>.<\/p>\n<p>Wednesday\u2019s report concludes that Sandworm is behind a set of online personas \u2014 including Xaknet, Cyber Army of Russia Reborn and Solntsepek \u2014 that have been linked to a string of recent attacks on critical infrastructure, including a water system in Texas. The personas claim the attacks as their own and often exaggerate their impact, while attempting to put distance between the incidents and one of Russia\u2019s most notorious hacking crews. <\/p>\n<p>Sandworm is suspected of controlling the work of a pro-Russian hacktivist group that calls itself the CyberArmyofRussia_Reborn (CARR) that has targeted U.S. water utilities, according to Mandiant. On January 18, the hacktivist group posted <a href=\"https:\/\/twitter.com\/Cyberknow20\/status\/1748139362104361021\/video\/2\">a splashy video<\/a> to Telegram that targeted water tanks in Muleshoe, Texas, appearing to use the human-machine interface (HMI) to turn on the pumps, causing the tank water level to overflow.<\/p>\n<p>Muleshoe city officials <a href=\"https:\/\/www.myplainview.com\/news\/local\/article\/leaders-area-towns-discuss-cyber-attack-water-18640534.php\">confirmed the overflow<\/a> in February while noting that it did not cause any service disruptions.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>It is unclear whether Sandworm, a Russian military intelligence unit, is directing the work of CARR or whether the group informs its contacts within Russian intelligence after it has carried out an operation, Mandiant cautioned. CARR\u2019s exact membership is unknown and may include individuals who are not members of Russian intelligence. <\/p>\n<p>Mandiant has observed links between Sandworm and CARR, including a YouTube channel created by the hacktivist group linked to infrastructure that, in turn, is linked to Sandworm. \u201cThese patterns of interaction align with TAG\u2019s assessment that CyberArmyofRussia_Reborn is created and controlled by APT44,\u201d Mandiant argues.<\/p>\n<p>Russia\u2019s attack using a persona controlled by Sandworm represents a significant escalation of the Kremlin\u2019s attacks on U.S. critical infrastructure. Russian ransomware gangs have operated with impunity and have attacked U.S. critical infrastructure for years, causing major disruptions such as the Colonial Pipeline hack, but nation-state groups like Sandworm have to date not carried out disruptive attacks on U.S. soil.<\/p>\n<p>Mandiant <a href=\"https:\/\/www.mandiant.com\/resources\/blog\/gru-rise-telegram-minions\">previously believed<\/a> that the CyberArmyofRussia_Reborn was linked to the Russian hacking group APT28, also known as Fancy Bear. Mandiant said that after re-analyzing the data, it was able to attribute the suspected activity to Sandworm \u201cwith high confidence.\u201d<\/p>\n<p>CyberArmyofRussia_Reborn joins a small but growing group of hacktivist personas linked to nation-linked hackers that target U.S. critical infrastructure. The CyberAv3ngers, a group run by the Iranian Government Islamic Revolutionary Guard Corps, last year hit <a href=\"https:\/\/cyberscoop.com\/pennsylvania-water-facility-hack-iran\/\">water facilities in Aliquippa<\/a>, Pennsylvania., and others that were using devices made by the Israeli firm Unitronics.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Other attacks on critical infrastructure carried out by personas under Sandworm\u2019s control include a March incident in which the group calling itself <a href=\"https:\/\/cyberscoop.com\/russian-military-intelligence-may-have-deployed-wiper-against-multiple-ukrainian-isps\/\">Solntsepek claimed credit<\/a> for an attack on multiple Ukrainian telecommunications providers. Ukrainian officials <a href=\"https:\/\/cyberscoop.com\/viasat-malware-wiper-acidrain\/\">told CyberScoop at the time<\/a> that the attack was likely carried out by Sandworm. <\/p>\n<p>Wednesday\u2019s findings are part of a comprehensive analysis in which Mandiant upgraded Sandworm as a fully fledged advanced persistent threat group. The group it now refers to as APT 44 is considered to be among the most capable, dangerous state-backed hacking groups. <\/p>\n<p>\u201cAPT44 is a uniquely dynamic threat actor that is actively engaged in the full spectrum of cyber espionage, attack, and influence operations,\u201d Mandiant researchers <a href=\"https:\/\/cloud.google.com\/blog\/topics\/threat-intelligence\/apt44-unearthing-sandworm\">wrote in the report<\/a>.<\/p>\n<p>\u201cAPT44 is the most brazen threat actor there is, in the midst of one of the most intense campaigns of cyber activity we\u2019ve ever seen, in full-blown support of Russia\u2019s war of territorial aggression,\u201d Dan Black, a lead author of the report and manager of cyber espionage analysis for Mandiant, said in a statement. \u201cThere is no other threat actor today that is more worthy of our collective attention, and the threat APT44 poses is evolving rapidly.\u201d<\/p>\n<p>APT44 is believed to operate as Unit 74455. It is part of the Main Centre for Special Technologies, within the Main Directorate of the General Staff of the Armed Forces of the Russian Federation, which is commonly known as the Main Intelligence Directorate, or GRU, according to Mandiant. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>The group primarily targets government, defense, transportation, energy, media and civil society organizations in Russia\u2019s near abroad, the researchers said. It has repeatedly targeted Western electoral systems and institutions, including in NATO member countries. On three separate occasions, the group has succeeded in using a cyberattack to disrupt electricity distribution in Ukraine.<\/p>\n<p>The Russian embassy in Washington, D.C., did not respond to a request for comment.<\/p>\n<p>Sandworm\u2019s operations targeting U.S. water facilities come as the White House has been sounding the alarm that the water sector needs to improve its cybersecurity defenses. With many of the nation\u2019s water utilities strapped for resources, cybersecurity investments have fallen by the wayside. <\/p>\n<p>The White House has tried to put in place more stringent cybersecurity rules for the sector but has failed to find an effective mechanism by which to do so. The Environmental Protection Agency issued a directive last year for water utilities to beef up their defenses but <a href=\"https:\/\/cyberscoop.com\/epa-calls-off-cyber-regulations-for-water-sector\/\">withdrew that rule<\/a> after several states and industry trade groups sued.<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"0.50406504065041\">\n<div class=\"author-card\" readability=\"7\">\n<p><h4 class=\"author-card__name\">Written by AJ Vicens and Christian Vasquez<\/h4>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Geopolitics<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/sandworm-apt44-texas-water-facility\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Mandiant: Notorious Russian hacking unit linked to breach of Texas<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1895,302,466,578,270,880,354],"tags":[1896,306,470,580,276,881,358],"class_list":["post-3139","post","type-post","status-publish","format-standard","hentry","category-apt44","category-geopolitics","category-gru","category-industrial-control-systems-ics","category-russia","category-sandworm","category-ukraine","tag-apt44","tag-geopolitics","tag-gru","tag-industrial-control-systems-ics","tag-russia","tag-sandworm","tag-ukraine"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/apt44\/\" rel=\"category tag\">APT44<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/geopolitics\/\" rel=\"category tag\">Geopolitics<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/gru\/\" rel=\"category tag\">GRU<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/industrial-control-systems-ics\/\" rel=\"category tag\">industrial control systems (ICS)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/russia\/\" rel=\"category tag\">Russia<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/sandworm\/\" rel=\"category tag\">Sandworm<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/ukraine\/\" rel=\"category tag\">Ukraine<\/a>","tag_info":"Ukraine","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/3139","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=3139"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/3139\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=3139"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=3139"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=3139"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":3139,"date":"2024-04-17T11:41:23","date_gmt":"2024-04-17T16:41:23","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=80164"},"modified":"2024-04-17T11:41:23","modified_gmt":"2024-04-17T16:41:23","slug":"mandiant-notorious-russian-hacking-unit-linked-to-breach-of-texas-water-facility","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/04\/17\/mandiant-notorious-russian-hacking-unit-linked-to-breach-of-texas-water-facility\/","title":{"rendered":"Mandiant: Notorious Russian hacking unit linked to breach of Texas water facility"},"content":{"rendered":"