Cybersecurity · June 13, 2026 · via Security Affairs

Iranian hackers breach California water utility via exposed GPS tool

A pro-Iran cyber group breached a major California water utility, accessing billing data for millions of customers through an exposed GPS tool. The incident underscores how seemingly routine infrastructure components can become entry points for serious cyber threats.

A gateway left open

The threat actor, known as Handala, exploited an open-source GPS correction platform called RTKBase used by Cal Water to support field operations. Researchers found the platform's web interface exposed on standard HTTP ports across multiple districts, making it an easy target. From there, the group pivoted to a customer billing database containing names, service addresses, phone numbers, and payment histories for accounts across several Cal Water regions.

What was exposed—and why it matters

Handala claimed the breach was retaliation for recent U.S. actions in Iran and released a 5GB data dump as proof. While the group asserted it could have disrupted water access, it chose not to—for now. Security firm Dataminr analyzed the leak and identified administrative credentials and network details published in plaintext, fully compromising the exposed systems. The incident highlights the risks of weak segmentation between operational and administrative networks in critical infrastructure.

A call for urgent action

Dataminr researchers recommend immediate credential rotation, taking RTKBase instances offline for review, and tightening network segmentation to prevent future breaches. The breach serves as a reminder that even secondary systems, like GPS platforms, can become critical vulnerabilities when left unprotected.


Source: Security Affairs. AI-assisted editorial synthesis — TechnoExpress.
