{ "id": "5a1e27b7-74c4-4332-8efd-622cda612c31", "created_at": "2026-04-06T00:15:31.456605Z", "updated_at": "2026-04-10T03:24:29.141368Z", "deleted_at": null, "sha1_hash": "2278bec7fd742261bc718254c93e99c1b3cea5ad", "title": "Hackers attack UK water supplier but extort wrong company", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 3442762, "plain_text": "Hackers attack UK water supplier but extort wrong company\r\nBy Bill Toulas\r\nPublished: 2022-08-16 · Archived: 2026-04-05 16:40:18 UTC\r\nSouth Staffordshire Water, a company supplying 330 million liters of drinking water to 1.6m consumers daily, has issued a\r\nstatement confirming IT disruption from a cyberattack.\r\nAs the announcement explains, the safety and water distribution systems are still operational, so the disruption of the IT\r\nsystems doesn’t impact the supply of safe water to its customers or those of its subsidiaries, Cambridge Water and South\r\nStaffs Water.\r\n“This is thanks to the robust systems and controls over water supply and quality we have in place at all times, as well as the\r\nquick work of our teams to respond to this incident and implement the additional measures we have put in place on a\r\nprecautionary basis,” explains the statement published on the company’s site.\r\nhttps://www.bleepingcomputer.com/news/security/hackers-attack-uk-water-supplier-but-extort-wrong-company/\r\nPage 1 of 5\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/hackers-attack-uk-water-supplier-but-extort-wrong-company/\r\nPage 2 of 5\n\nVisit Advertiser websiteGO TO PAGE\r\nAlso, South Staffordshire Water reassures its customers that all service teams are operating as usual, so there’s no risk of\r\nextended outages due to the cyberattack.\r\nClop misidentifies victim?\r\nMeanwhile, the Clop ransomware gang claimed Thames Water as their victim via an announcement on their onion site\r\ntoday, alleging to have accessed SCADA systems they could manipulate to cause harm to 15 million customers.\r\nThames Water is UK's largest water supplier and wastewater treatment provider, serving Greater London and areas\r\nsurrounding river Thames.\r\nThe hackers allege to have informed Thames Water of its network security inadequacies and claim that they acted\r\nresponsibly by not encrypting their data and only exfiltrating 5TB from the compromised systems.\r\nPart of Clop's claims in the gang's data leak extortion site\r\nHowever, following a supposed collapse in the negotiations of the ransom payment, the actors published the first sample of\r\nstolen data that includes passports, screenshots from water treatment SCADA systems, driver’s licenses, and more.\r\nThames Water has officially disputed these claims via a statement today, saying that reports of Clop having breached its\r\nnetwork are \"cyber-hoax\" and that its operations are at full capacity.\r\nOne key detail in the case is that among the published evidence, Clop presents a spreadsheet with usernames and passwords,\r\nwhich features South Staff Water and South Staffordshire email addresses.\r\nhttps://www.bleepingcomputer.com/news/security/hackers-attack-uk-water-supplier-but-extort-wrong-company/\r\nPage 3 of 5\n\nPublished evidence pointing to SSW\r\nAdditionally, BleepingComputer observed, one of the leaked documents sent to the targeted firm is explicitly addressed to\r\nSouth Staffordshire PLC.\r\nAs such, it’s very likely that Clop misidentified their victim or that they are attempting to extort a much larger company\r\nusing false evidence.\r\nThis attack comes during dire drought times for UK consumers, with eight areas in the country imposing water ration\r\npolicies and hosepipe bans.\r\nCybercriminals don’t pick their targets randomly, as hitting water suppliers during harsh drought periods could apply\r\ninsurmountable pressure to pay the demanded ransom.\r\nFor this to happen, though, Clop has to redirect its threats to the correct entity, but considering the publicity the matter has\r\ntaken, it’s probably too late for that.\r\nUpdate 8/17/22: Clop has corrected their error and now list South Staffordshire Water as the victim on the extortion site.\r\nListed victim on Clop site\r\nhttps://www.bleepingcomputer.com/news/security/hackers-attack-uk-water-supplier-but-extort-wrong-company/\r\nPage 4 of 5\n\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/hackers-attack-uk-water-supplier-but-extort-wrong-company/\r\nhttps://www.bleepingcomputer.com/news/security/hackers-attack-uk-water-supplier-but-extort-wrong-company/\r\nPage 5 of 5", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "references": [ "https://www.bleepingcomputer.com/news/security/hackers-attack-uk-water-supplier-but-extort-wrong-company/" ], "report_names": [ "hackers-attack-uk-water-supplier-but-extort-wrong-company" ], "threat_actors": [ { "id": "aa73cd6a-868c-4ae4-a5b2-7cb2c5ad1e9d", "created_at": "2022-10-25T16:07:24.139848Z", "updated_at": "2026-04-10T02:00:04.878798Z", "deleted_at": null, "main_name": "Safe", "aliases": [], "source_name": "ETDA:Safe", "tools": [ "DebugView", "LZ77", "OpenDoc", "SafeDisk", "TypeConfig", "UPXShell", "UsbDoc", "UsbExe" ], "source_id": "ETDA", "reports": null } ], "ts_created_at": 1775434531, "ts_updated_at": 1775791469, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/2278bec7fd742261bc718254c93e99c1b3cea5ad.pdf", "text": "https://archive.orkl.eu/2278bec7fd742261bc718254c93e99c1b3cea5ad.txt", "img": "https://archive.orkl.eu/2278bec7fd742261bc718254c93e99c1b3cea5ad.jpg" } }