Key facts
- The hacker group Handala claimed responsibility for a cyber intrusion into California water facilities.
- Handala stated the breach was retaliation for alleged US strikes on Iranian water infrastructure.
- The group claimed to have obtained data and issued a warning to Washington.
- Handala stated it refrained from disrupting water supplies, citing an ethical code.
- Screenshots released by Handala appear to show access to network management interfaces in several California cities.
- US agencies warned that Iranian-linked hackers, CyberAv3ngers, are disrupting PLCs at U.S. water and energy facilities.

The hacker group Handala has claimed responsibility for a cyber intrusion targeting water facilities in California, asserting the action was a retaliation for alleged US strikes on water infrastructure in southern Iran. The group stated it obtained data from the systems and described the breach as a warning to Washington, though it claimed to have stopped short of disrupting water supplies due to an ethical code.
Handala also stated it published 5 gigabytes of data as evidence of the intrusion, and screenshots released by the group appear to show access to network management interfaces in several California cities, including Bakersfield, Chico, Salinas, and Stockton. However, these images do not independently verify the group's claims.
Separately, US federal agencies, including the FBI, CISA, NSA, EPA, Department of Energy, and US Cyber Command, issued a joint advisory warning that Iranian IRGC-linked hackers, operating as CyberAv3ngers, have been actively breaching Rockwell Automation programmable logic controllers (PLCs) at U.S. water plants, energy facilities, and government buildings since at least March 2026. The advisory noted that some victims have already experienced operational disruptions and financial losses. CyberAv3ngers, also known by other aliases and affiliated with Iran's IRGC Cyber Electronic Command, are reportedly exploiting simple vulnerabilities, such as default passwords and direct internet exposure, to gain access and manipulate systems.
