Iranian attack on US water supply triggers investigation

Pyramid Lake, a reservoir formed by Pyramid Dam on Piru Creek in the eastern San Emigdio Mountains, near Castaic, Southern California.

–

An Iran-affiliated hacking group has claimed responsibility for breaching water systems in California, prompting an investigation by one of the state’s major water providers—though authorities have found no evidence so far that the U.S. water supply was actually compromised.

The group, calling itself Handala, stated it infiltrated systems belonging to California Water Service (Cal Water) and obtained internal data. It described the cyberattack as retaliation for alleged U.S. airstrikes on Iranian water infrastructure, which occurred amid escalating hostilities between Iran and a U.S.-Israel coalition beginning February 28.

Cal Water confirmed it is actively investigating the claims in coordination with state and federal agencies. The utility emphasized that no operational disruptions have been detected.

“We’re continuing our around-the-clock investigation, but initial findings show no impact to our water or wastewater operations, including our billing systems,” said spokesperson Yvonne Kingman in a statement to SJV Water on Monday. “We continue to see no operational issues.”

Public health officials have previously warned that rising geopolitical tensions could increase the risk of foreign cyberattacks on critical U.S. infrastructure.

On the subject of the alleged strikes, Iranian state media reported last Wednesday that a U.S. airstrike damaged a drinking-water facility near the Strait of Hormuz.

Around the same time, U.S. Central Command confirmed conducting precision strikes in the area using Air Force and Navy fighter jets. Spokesperson Tim Hawkins said the command was aware of the reports and looking into them. Newsweek reached out to U.S. Central Command for comment on Tuesday.

Cybersecurity analysis suggests that if a breach occurred, it likely involved non-operational IT systems. Dataminr, a cybersecurity firm, identified signs that the hackers may have accessed a customer billing database containing personal details such as names, addresses, phone numbers, account IDs, and payment records. They may also have gained entry to an internal GPS tool used for monitoring infrastructure.

Importantly, neither system controls water treatment or distribution processes.

“Targeting water infrastructure aligns with Handala’s known strategy of going after essential services to create psychological and societal disruption,” the analysis noted.

“The pattern of accessing both customer data and operational support networks highlights a focus on visibility and broad impact rather than stealth.

Notably, there is no verified record of Handala interfering with water treatment or chemical control systems in past operations—the group’s activities have so far involved data theft, deployment of destructive malware, and psychological tactics.”

Cal Water’s investigation is still underway.

–

Original Article: Iranian attack on US water supply triggers investigation