TwoNet hacktivists target critical infrastructure with realistic honeypot attack
Summary
The pro-Russian hacktivist group TwoNet, previously known for DDoS attacks, targeted a water treatment facility in September 2025. The facility was a realistic honeypot set up by researchers to observe adversaries’ movements. The attack demonstrated TwoNet’s ability to move from initial access to disruptive actions in approximately 26 hours. The group exploited default credentials, SQL vulnerabilities, and an XSS flaw to gain access and disrupt operations. They created a new user account, displayed a hacking message, and disabled real-time updates and alarms. The intrusion was detected and logged by Forescout researchers monitoring the honeypot. TwoNet has expanded its activities to include targeting HMI and SCADA interfaces, publishing personal details of personnel, and offering cybercrime services.
Timeline
- 09.10.2025 14:13 (1 article): TwoNet targets water treatment facility with realistic honeypot attack
In September 2025, the pro-Russian hacktivist group TwoNet targeted a water treatment facility that was a realistic honeypot set up by Forescout researchers. The attack demonstrated TwoNet’s ability to move from initial access to disruptive actions in approximately 26 hours. The group exploited default credentials, SQL vulnerabilities, and an XSS flaw to gain access and disrupt operations. They created a new user account, displayed a hacking message, and disabled real-time updates and alarms. The intrusion was detected and logged by Forescout researchers monitoring the honeypot.
Sources:
- Hacktivists target critical infrastructure, hit decoy plant — www.bleepingcomputer.com — 09.10.2025 14:13
Information Snippets
- TwoNet initially focused on DDoS attacks but has since expanded to targeting critical infrastructure.
  First reported: 09.10.2025 14:13 (1 source, 1 article)
- The attack on the water treatment facility was conducted in September 2025.
  First reported: 09.10.2025 14:13 (1 source, 1 article)
- The facility was a realistic honeypot set up by Forescout researchers.
  First reported: 09.10.2025 14:13 (1 source, 1 article)
- TwoNet gained initial access at 8:22 AM using default credentials.
  First reported: 09.10.2025 14:13 (1 source, 1 article)
- The group attempted to enumerate databases and succeeded on the second attempt using correct SQL queries.
  First reported: 09.10.2025 14:13 (1 source, 1 article)
- TwoNet created a new user account named Barlati and exploited an XSS vulnerability (CVE-2021-26829) to display a hacking message.
  First reported: 09.10.2025 14:13 (1 source, 1 article)
- The attackers disabled real-time updates and alarms by removing PLCs from the data source list and changing PLC setpoints in the HMI.
  First reported: 09.10.2025 14:13 (1 source, 1 article)
- The intrusion was logged by Forescout researchers at 11:19 AM the following day.
  First reported: 09.10.2025 14:13 (1 source, 1 article)
- TwoNet has targeted HMI and SCADA interfaces of critical infrastructure organizations in 'enemy countries'.
  First reported: 09.10.2025 14:13 (1 source, 1 article)
- The group has published personal details of intelligence and police personnel and offered cybercrime services.
  First reported: 09.10.2025 14:13 (1 source, 1 article)