{"id":40944,"date":"2021-05-19T13:51:44","date_gmt":"2021-05-19T13:51:44","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/32300\/Florida-Water-Plant-Compromise-Came-Hours-After-Worker-Visited-Malicious-Site.html"},"modified":"2021-05-19T13:51:44","modified_gmt":"2021-05-19T13:51:44","slug":"florida-water-plant-compromise-came-hours-after-worker-visited-malicious-site","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/florida-water-plant-compromise-came-hours-after-worker-visited-malicious-site\/","title":{"rendered":"Florida Water Plant Compromise Came Hours After Worker Visited Malicious Site"},"content":{"rendered":"<figure class=\"intro-image intro-left\"><img decoding=\"async\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2021\/05\/oldsmar-water-800x580.jpeg\" alt=\"A small-town water treatment facility.\"><figcaption class=\"caption\"><\/figcaption><\/figure>\n<p>An employee for the city of Oldsmar, Florida, visited a malicious website targeting water utilities just hours before someone broke into the computer system for the city\u2019s water treatment plant and <a
href=\"https:\/\/arstechnica.com\/information-technology\/2021\/02\/computer-intruder-tried-to-poison-drinking-water-for-a-small-florida-city\/\">tried to poison drinking water<\/a>, security firm Dragos said Tuesday. Ultimately, the site likely played no role in the intrusion, but the incident remains unsettling, the security firm said.<\/p>\n<p>The website, which belonged to a Florida water utility contractor, had been compromised in late December by hackers who then hosted malicious code that seemed to target water utilities, particularly those in Florida, Dragos researcher Kent Backman wrote in a <a href=\"https:\/\/www.dragos.com\/blog\/investigating-the-watering-hole-linked-to-the-oldsmar-water-treatment-facility-breach\/\">blog post<\/a>. More than 1,000 end-user computers visited the site during the 58-day window that the site was infected.<\/p>\n<p>One of those visits came on February 5 at 9:49 am ET from a computer on a network belonging to the City of Oldsmar. In the evening of the same day, an unknown actor gained unauthorized access to the computer interface used to adjust the chemicals that treat drinking water for the roughly 15,000 residents of the small city about 16 miles northwest of Tampa.<\/p>\n<p>The intruder changed the level of lye to 11,100 parts per million, a potentially fatal increase from the normal amount of 100 ppm. The change was quickly detected and rolled back.<\/p>\n<p>So-called watering-hole attacks have become frequent in computer hacking crimes that target specific industries or groups of users. Just as predators in nature lie in wait near watering holes used by their prey, hackers often compromise one or more websites frequented by the target group and plant malicious code tailored to those who visit them. 
Dragos said the site it found appeared to target water utilities, especially those in Florida.<\/p>\n<p>\u201cThose who interacted with the malicious code included computers from municipal water utility customers, state and local government agencies, various water industry-related private companies, and normal internet bot and website crawler traffic,\u201d Backman wrote. \u201cOver 1,000 end-user computers were profiled by the malicious code during that time, mostly from within the United States and the State of Florida.\u201d<\/p>\n<p>Here\u2019s a map showing the locations of those computers:<\/p>\n<figure class=\"image shortcode-img center large\"><a href=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2021\/05\/watering-hole-visitors.jpg\" class=\"enlarge\" data-height=\"614\" data-width=\"1081\" alt=\"Geolocation of US fingerprinted client computers.\"><img loading=\"lazy\" decoding=\"async\" alt=\"Geolocation of US fingerprinted client computers.\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2021\/05\/watering-hole-visitors-640x364.jpg\" width=\"640\" height=\"364\" srcset=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2021\/05\/watering-hole-visitors.jpg 2x\"><\/a><figcaption class=\"caption\">\n<div class=\"caption-text\">Geolocation of US fingerprinted client computers.<\/div>\n<\/figcaption><\/figure>\n<h2>Detailed information collected<\/h2>\n<p>The malicious code gathered more than 100 pieces of detailed information about visitors, including their operating system and CPU type, browser and supported languages,&nbsp;time zone, geolocation services, video codecs, screen dimensions, browser
plugins, touch points, input methods, and whether cameras, accelerometers, or microphones were present.<\/p>\n<p>The malicious code also directed visitors to two separate sites that collected cryptographic hashes that uniquely identified each connecting device and uploaded the fingerprints to a database hosted at bdatac.herokuapp[.]com. The fingerprinting script used code from four different code projects: core-js, UAParser, regeneratorRuntime, and a data-collection script observed on only two other websites, both of which are associated with a domain registration, hosting, and web development company.<\/p>\n<figure class=\"image shortcode-img center large\"><a href=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2021\/05\/watering-hole-site.jpg\" class=\"enlarge\" data-height=\"527\" data-width=\"1293\" alt=\"Florida water utility contractor website compromised with a unique browser enumeration and fingerprinting script.\"><img loading=\"lazy\" decoding=\"async\" alt=\"Florida water utility contractor website compromised with a unique browser enumeration and fingerprinting script.\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2021\/05\/watering-hole-site-640x261.jpg\" width=\"640\" height=\"261\" srcset=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2021\/05\/watering-hole-site-1280x522.jpg 2x\"><\/a><figcaption class=\"caption\">\n<div class=\"caption-text\">Florida water utility contractor website compromised with a unique browser enumeration and fingerprinting script.<\/div>\n<\/figcaption><\/figure>\n<p>Dragos said it found only one other site serving the complex and sophisticated code to visitors. The site, DarkTeam[.]store, purports to be an underground market that supplies thousands of customers with gift cards and accounts.
A portion of the site, company researchers found, may also be a check-in location for systems infected with a recent variant of botnet malware known as <a href=\"https:\/\/www.carbonblack.com\/blog\/threat-analysis-unit-tau-threat-intelligence-notification-tofsee-botnet\">Tofsee<\/a>.<\/p>\n<p>Dragos also uncovered evidence that the same actor hacked the&nbsp;DarkTeam site and the water-infrastructure construction company site on the same day, December 20, 2020. Dragos observed 12,735 IP addresses it suspects are Tofsee-infected systems connecting to a nonpublic page, meaning it required authentication. The browser then presented a user agent string with a peculiar \u201cTesseract\/1.0\u201d artifact in it.<\/p>\n<figure class=\"image shortcode-img center large\"><a href=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2021\/05\/user-agent-artifact.jpg\" class=\"enlarge\" data-height=\"356\" data-width=\"900\" alt=\"Unique \u201cTesseract\/1.0\u201d user agent substring artifact associated with browser check-ins to a restricted page on the darkteam.store site.\"><img loading=\"lazy\" decoding=\"async\" alt=\"Unique \u201cTesseract\/1.0\u201d user agent substring artifact associated with browser check-ins to a restricted page on the darkteam.store site.\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2021\/05\/user-agent-artifact-640x253.jpg\" width=\"640\" height=\"253\" srcset=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2021\/05\/user-agent-artifact.jpg 2x\"><\/a><figcaption class=\"caption\">\n<div class=\"caption-text\">Unique \u201cTesseract\/1.0\u201d user agent substring artifact associated with browser
check-ins to a restricted page on the darkteam.store site.<\/div>\n<\/figcaption><\/figure>\n<h2>Not your typical watering hole<\/h2>\n<p>\u201cWith the forensic information we collected so far, Dragos\u2019 best assessment is that an actor deployed the watering hole on the water infrastructure construction company site to collect legitimate browser data for the purpose of improving the botnet malware\u2019s ability to impersonate legitimate web browser activity,\u201d Backman wrote. \u201cThe botnet\u2019s use of at least ten different cipher handshakes or JA3 hashes, some of which mimic legitimate browsers, compared to the widely published hash of a single handshake of a previous Tofsee bot iteration, is evidence of botnet improvement.\u201d<\/p>\n<p>Dragos, which helps secure industrial control systems used by governments and private companies, said it initially worried that the site posed a significant threat because of its:<\/p>\n<ul>\n<li>Focus on Florida<\/li>\n<li>Temporal correlation to the Oldsmar intrusion<\/li>\n<li>Highly encoded and sophisticated JavaScript<\/li>\n<li>Few code locations on the Internet<\/li>\n<li>Similarity to watering-hole attacks by other ICS-targeting activity groups such as <a href=\"https:\/\/www.dragos.com\/threat\/dymalloy\/\">DYMALLOY<\/a>, <a href=\"https:\/\/www.dragos.com\/threat\/allanite\/\">ALLANITE<\/a>, and&nbsp;<a href=\"https:\/\/www.dragos.com\/threat\/raspite\/\">RASPITE<\/a>.<\/li>\n<\/ul>\n<p>Ultimately, Dragos doesn\u2019t believe the watering-hole site served malware, delivered any exploits, or tried to gain unauthorized access to visiting computers. Plant employees, <a href=\"https:\/\/arstechnica.com\/information-technology\/2021\/02\/breached-water-plant-employees-used-the-same-teamviewer-password-and-no-firewall\/\">government officials later disclosed<\/a>, used TeamViewer on an unsupported Windows 7 PC to remotely access SCADA systems that controlled the water treatment process.
What&#8217;s more, the TeamViewer password was shared among employees.<\/p>\n<p>Backman, however, went on to say that the discovery should nevertheless be a wake-up call. Oldsmar officials didn&#8217;t immediately respond to a request for comment.<\/p>\n<p>\u201cThis is not a typical watering hole,\u201d he wrote. \u201cWe have medium confidence it did not directly compromise any organization. But it does represent an exposure risk to the water industry and highlights the importance of controlling access to untrusted websites, especially for Operational Technology (OT) and Industrial Control System (ICS) environments.\u201d<\/p>\n<p> READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/32300\/Florida-Water-Plant-Compromise-Came-Hours-After-Worker-Visited-Malicious-Site.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":40945,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[277],"tags":[9379],"class_list":["post-40944","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity-blogs","tag-headlinehackergovernmentusacyberwarterrorscada"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.7 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Florida Water Plant Compromise Came Hours After Worker Visited Malicious Site 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub.
100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/florida-water-plant-compromise-came-hours-after-worker-visited-malicious-site\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Florida Water Plant Compromise Came Hours After Worker Visited Malicious Site 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/florida-water-plant-compromise-came-hours-after-worker-visited-malicious-site\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2021-05-19T13:51:44+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/05\/florida-water-plant-compromise-came-hours-after-worker-visited-malicious-site.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"800\" \/>\n\t<meta property=\"og:image:height\" content=\"580\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/florida-water-plant-compromise-came-hours-after-worker-visited-malicious-site\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/florida-water-plant-compromise-came-hours-after-worker-visited-malicious-site\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Florida Water Plant Compromise Came Hours After Worker Visited Malicious Site\",\"datePublished\":\"2021-05-19T13:51:44+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/florida-water-plant-compromise-came-hours-after-worker-visited-malicious-site\\\/\"},\"wordCount\":945,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/florida-water-plant-compromise-came-hours-after-worker-visited-malicious-site\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/05\\\/florida-water-plant-compromise-came-hours-after-worker-visited-malicious-site.jpg\",\"keywords\":[\"headline,hacker,government,usa,cyberwar,terror,scada\"],\"articleSection\":[\"CyberSecurity Blogs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/florida-water-plant-compromise-came-hours-after-worker-visited-malicious-site\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/florida-water-plant-compromise-came-hours-after-worker-visited-malicious-site\\\/\",\"name\":\"Florida Water Plant Compromise Came Hours After Worker Visited Malicious Site 2026 | ThreatsHub Cybersecurity 
News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/florida-water-plant-compromise-came-hours-after-worker-visited-malicious-site\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/florida-water-plant-compromise-came-hours-after-worker-visited-malicious-site\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/05\\\/florida-water-plant-compromise-came-hours-after-worker-visited-malicious-site.jpg\",\"datePublished\":\"2021-05-19T13:51:44+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/florida-water-plant-compromise-came-hours-after-worker-visited-malicious-site\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/florida-water-plant-compromise-came-hours-after-worker-visited-malicious-site\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/florida-water-plant-compromise-came-hours-after-worker-visited-malicious-site\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/05\\\/florida-water-plant-compromise-came-hours-after-worker-visited-malicious-site.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/05\\\/florida-water-plant-compromise-came-hours-after-worker-visited-malicious-site.jpg\",\"width\":800,\"height\":580},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/florida-water-plant-compromise-came-hours-after-worker-visited-malicious-site\\\/#breadcrumb\",\"itemList
Element\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,hacker,government,usa,cyberwar,terror,scada\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlinehackergovernmentusacyberwarterrorscada\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Florida Water Plant Compromise Came Hours After Worker Visited Malicious Site\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence 
Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Florida Water Plant Compromise Came Hours After Worker Visited Malicious Site 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/florida-water-plant-compromise-came-hours-after-worker-visited-malicious-site\/","og_locale":"en_US","og_type":"article","og_title":"Florida Water Plant Compromise Came Hours After Worker Visited Malicious Site 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/florida-water-plant-compromise-came-hours-after-worker-visited-malicious-site\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2021-05-19T13:51:44+00:00","og_image":[{"width":800,"height":580,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/05\/florida-water-plant-compromise-came-hours-after-worker-visited-malicious-site.jpg","type":"image\/jpeg"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. 
reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/florida-water-plant-compromise-came-hours-after-worker-visited-malicious-site\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/florida-water-plant-compromise-came-hours-after-worker-visited-malicious-site\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Florida Water Plant Compromise Came Hours After Worker Visited Malicious Site","datePublished":"2021-05-19T13:51:44+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/florida-water-plant-compromise-came-hours-after-worker-visited-malicious-site\/"},"wordCount":945,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/florida-water-plant-compromise-came-hours-after-worker-visited-malicious-site\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/05\/florida-water-plant-compromise-came-hours-after-worker-visited-malicious-site.jpg","keywords":["headline,hacker,government,usa,cyberwar,terror,scada"],"articleSection":["CyberSecurity Blogs"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/florida-water-plant-compromise-came-hours-after-worker-visited-malicious-site\/","url":"https:\/\/www.threatshub.org\/blog\/florida-water-plant-compromise-came-hours-after-worker-visited-malicious-site\/","name":"Florida Water Plant Compromise Came Hours After Worker Visited Malicious Site 2026 | ThreatsHub Cybersecurity 
News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/florida-water-plant-compromise-came-hours-after-worker-visited-malicious-site\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/florida-water-plant-compromise-came-hours-after-worker-visited-malicious-site\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/05\/florida-water-plant-compromise-came-hours-after-worker-visited-malicious-site.jpg","datePublished":"2021-05-19T13:51:44+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/florida-water-plant-compromise-came-hours-after-worker-visited-malicious-site\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/florida-water-plant-compromise-came-hours-after-worker-visited-malicious-site\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/florida-water-plant-compromise-came-hours-after-worker-visited-malicious-site\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/05\/florida-water-plant-compromise-came-hours-after-worker-visited-malicious-site.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/05\/florida-water-plant-compromise-came-hours-after-worker-visited-malicious-site.jpg","width":800,"height":580},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/florida-water-plant-compromise-came-hours-after-worker-visited-malicious-site\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,hacker,government,usa,cyberwar,terror,scada","item":
"https:\/\/www.threatshub.org\/blog\/tag\/headlinehackergovernmentusacyberwarterrorscada\/"},{"@type":"ListItem","position":3,"name":"Florida Water Plant Compromise Came Hours After Worker Visited Malicious Site"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence 
Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH 
Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/40944","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=40944"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/40944\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/40945"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=40944"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=40944"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=40944"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}