{ "id": "a07ccdd9-32e5-4342-a8db-78610977fa76", "created_at": "2026-04-06T00:15:08.541589Z", "updated_at": "2026-04-10T03:23:49.460018Z", "deleted_at": null, "sha1_hash": "1131f186dc78ce3241b9ea67d2c0f76846556663", "title": "North Texas water utility serving 2 million hit with cyberattack", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 76376, "plain_text": "North Texas water utility serving 2 million hit with cyberattack\r\nBy Jonathan Greig\r\nPublished: 2023-11-28 · Archived: 2026-04-05 13:46:35 UTC\r\nA water utility serving two million people in North Texas is dealing with a cybersecurity incident that caused\r\noperational issues.\r\nWith more than 850 employees, North Texas Municipal Water District (NTMWD) provides wholesale water,\r\nwastewater and solid waste management services to more than 13 cities in the state, including Plano and Frisco.\r\nAlex Johnson, director of communications for NTMWD, told Recorded Future News that they recently detected a\r\ncyberattack affecting their business computer network.\r\n“Most of our business network has been restored. Our core water, wastewater, and solid waste services to our\r\nMember Cities and Customers have not been impacted by this incident, and we continue to provide those services\r\nas usual,” Johnson said.\r\n“Our phone system was also affected by this incident, and we hope to have it back online this week. NTMWD has\r\nengaged third-party forensic specialists who are actively investigating the extent of any unauthorized activity. The\r\ninvestigation is ongoing at this time and includes a review of any potentially impacted District data.”\r\nThe incident comes one day after an attack on a Pennsylvania water authority was hit with a cyberattack that\r\nreportedly prompted workers to take equipment offline and use backup tools to maintain water pressure.\r\nREAD MORE: Pennsylvania water authority hit with cyberattack allegedly tied to pro-Iran group.\r\nJohnson added that law enforcement was notified of the incident, but did not respond to requests for comment\r\nabout whether NTMWD is dealing with ransomware.\r\nThe cybercrime gang known as Daixin Team said it was behind the attack, adding NTMWD to its list of victims\r\non Monday and claiming to have stolen more than 33,000 files containing customer information.\r\nNTMWD initially warned customers that its phone lines were down on November 12. That warning is still on the\r\norganization’s website.\r\nThe ransomware group emerged in June 2022 and caused significant damage in September 2022 to Oakbend\r\nMedical Center, a hospital in Richmond, Texas. The hospital spent weeks recovering after its phone lines and\r\npatient record systems were brought down by the attack.\r\nThe group also attacked Fitzgibbon Hospital in Missouri and a German company called Ista International.\r\nRansomware gangs have targeted water utilities as critical infrastructure organizations likely to pay exorbitant\r\nransoms to restore service.\r\nhttps://therecord.media/north-texas-water-utility-cyberattack\r\nPage 1 of 3\n\nU.S. law enforcement agencies said ransomware gangs hit five U.S. water and wastewater treatment facilities\r\nfrom 2019 to 2021 — and those figures did not include three other widely reported cyberattacks on water utilities.\r\nRichard Caralli, senior cybersecurity advisor at Axio, told Recorded Future News that municipal water is an\r\nunder-appreciated attack target.\r\n“It has several challenges: limited cybersecurity budget and staff, significant third-party dependencies, and one of\r\nthe most direct vectors for causing wide-spread effects on life, safety, and health,” he said.\r\nThe U.S. Environmental Protection Agency (EPA) sought to help improve cybersecurity protections at water\r\nutilities earlier this year but backed off the effort following lawsuits from Republican lawmakers and powerful\r\nindustry groups AWWA and NRWA.\r\nGet more insights with the\r\nRecorded Future\r\nIntelligence Cloud.\r\nLearn more.\r\nNo previous article\r\nNo new articles\r\nhttps://therecord.media/north-texas-water-utility-cyberattack\r\nPage 2 of 3\n\nJonathan Greig\r\nis a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since\r\n2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia.\r\nHe previously covered cybersecurity at ZDNet and TechRepublic.\r\nSource: https://therecord.media/north-texas-water-utility-cyberattack\r\nhttps://therecord.media/north-texas-water-utility-cyberattack\r\nPage 3 of 3", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "references": [ "https://therecord.media/north-texas-water-utility-cyberattack" ], "report_names": [ "north-texas-water-utility-cyberattack" ], "threat_actors": [ { "id": "86ab2e9a-75b1-48af-8313-0a5ec1f7d12c", "created_at": "2023-12-03T02:00:05.154685Z", "updated_at": "2026-04-10T02:00:03.488062Z", "deleted_at": null, "main_name": "Daixin Team", "aliases": [], "source_name": "MISPGALAXY:Daixin Team", "tools": [], "source_id": "MISPGALAXY", "reports": null } ], "ts_created_at": 1775434508, "ts_updated_at": 1775791429, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/1131f186dc78ce3241b9ea67d2c0f76846556663.pdf", "text": "https://archive.orkl.eu/1131f186dc78ce3241b9ea67d2c0f76846556663.txt", "img": "https://archive.orkl.eu/1131f186dc78ce3241b9ea67d2c0f76846556663.jpg" } }