Local media reports the hydraulic pump system protecting Piazza San Marco in Venice has been hacked. A group referring to themselves as either “Infrastructure Destruction Squad” or “Dark Engine” has claimed responsibility for the attack. Furthermore, the group has claimed to have stolen administrative credentials and gained access to the flood risk management system, asserting they can manipulate the floodgates that prevent water from entering the square. 

Aaron Colclough, VP of Operations at Suzu Labs, comments, “Most of what’s circulated on the Venice flood-defense story is still claims from actors. I’m not seeing any reports on indicators of compromise yet. Operational technology is the gear and software that runs physical equipment, not a separate internet-only problem. Plants have to keep output moving, so vendors often connect from outside to fix things, and patches wait until there’s a safe maintenance window. 

“At the same time, staff may have limited visibility into how workstations and email traffic relate to the networks that start pumps or open gates. That environment favors a small set of recurring problems: paths in from the internet, weak or reused passwords, and control gear that stays in service for years. Hardening starts with tightening who can reach plant controls from off site, separating everyday office networks from those controls, and keeping logs of remote maintenance sessions; maturity level can vary a lot by facility.”

Local media asserts that the aim of the threat actors does not appear to be financial, but rather, symbolic, demonstrating the vulnerability of critical infrastructure.