National Cyber Warfare Foundation (NCWF)

Part 3 – Cyber Cossacks Ops Hello cyberwarriors! We are continuing our series on SCADA hacking, and this time we are diving into operations carried out by our Cyber Cossacks together with other Ukrainian hacker units. The Cyber Cossacks is a team of Ukrainian hackers trained and formed by OTW at the request of Ukrainian […]

The post SCADA Hacking: Inside Russian Facilities, Part 3 first appeared on Hackers Arise.

Part 3 – Cyber Cossacks Ops

Hello cyberwarriors!

We are continuing our series on SCADA hacking, and this time we are diving into operations carried out by our Cyber Cossacks together with other Ukrainian hacker units. The Cyber Cossacks is a team of Ukrainian hackers trained and formed by OTW at the request of Ukrainian authorities to defend the country’s digital front and strike enemy infrastructure.

This time, we compromised a company called VKS LLC (Integrated Systems Implementation). According to its website, VKS is based in Kazan, Russia, and specializes in developing and integrating IT solutions across multiple sectors, including business, healthcare, industrial production, and municipal services.

VKS plays a key role in digitizing infrastructure across Russia. They specialize in designing and implementing industrial automation systems, known as ACSTP (Automated Control Systems for Technological Processes). Their services include developing and installing control systems for water treatment plants, heating stations, and other utilities. Also, they provide web-based dispatching systems using cloud technologies to offer alternative solutions to traditional water towers with their own hardware. These integrations made VKS a central node for critical infrastructure and a high-value target. Once the company’s infrastructure was compromised, the access path to all of its connected systems was wide open.

Having successfully gained a foothold inside VKS, we accessed their SCADA environment, along with the systems of their clients. Since many of their customers outsourced their industrial control infrastructure directly to VKS, the compromise reached far beyond what we had initially expected. Below is a breakdown of several companies and organizations that became accessible during this campaign.

Water Utility – Buinsk, Russia

Buinsk is a small town in the Republic of Tatarstan, Russia, located about 137 kilometers southwest of Kazan, near the Karla River. With roots dating back to 1780, Buinsk today functions as the administrative center of the Buinsky District.

The local economy is dominated by agriculture and food processing, particularly dairy, sugar, and alcohol. The town’s water infrastructure was fully outsourced to VKS.

All key parameters of their SCADA systems, including water pressure and flow, could be observed and modified in real time.

Cement Factory – Ulyanovsk, Russia

The Ulyanovsk Oblastnoy Vodokanal is the regional water provider responsible for supplying water to several major facilities in the region. Among those is a large cement plant operated by CEMROS Group, currently under expansion to meet rising regional demand.

This plant relies on uninterrupted water supply for everything from raw material processing to cooling in the production stages. Without proper water pressure, these processes can slow down or fail entirely. Unfortunately for them, their water SCADA environment was not managed locally but instead outsourced, creating a single point of failure.

KomStroyServis – Kazan, Russia

KomStroyServis is a Russian private company that specializes in utility and building maintenance. Established in 2016, it operates mainly in the housing and communal sector. Their core services include maintaining ventilation and chimney systems in apartment blocks, boiler rooms, and industrial buildings. The company has experience working with property management firms, homeowner associations, and municipal clients, often participating in both private and government contracts.

Their SCADA system was focused on water management across residential buildings and small enterprise zones. As with other victims, their systems lacked proper access control, and once we were in, we had full visibility and control of their SCADA panels.

Water Utility – Baevka, Russia

Baevka is a rural settlement in the Republic of Tatarstan with limited digital presence. Like many villages in the region, it likely sustains itself through farming, livestock, and local community support. Despite its small size, Baevka had a fully digitalized water supply system managed through SCADA.

The compromised system showed that this was the only clean water source available in the area. The interface had live values for pump activity, reservoir levels, and pressure distribution.

Water Utility – Laishevo, Russia

Laishevo is another town in Tatarstan, located roughly 60 kilometers southeast of Kazan. With a population of around 9,000, Laishevo serves as the district’s administrative center and has a long history dating back to the days of the Kazan Khanate.

We found multiple programmable logic controllers (PLCs) actively handling pressure, valve control, and reservoir management. System uptime showed no maintenance cycles, no operator lockouts, and no form of layered access protection. The entire water supply for the town was effectively under our remote control.

Nuriyev Clinic – Kazan, Russia

The Nuriyev Clinic is a private medical network in Kazan, focused on reproductive medicine, infertility treatment, urology, and gynecology. Founded in 2003 by Ilyas and Nail Nuriyev, the clinic has since expanded to multiple cities including Izhevsk, Kirov, and Naberezhnye Chelny.

We gained access to the SCADA infrastructure managing environmental conditions in their medical storage warehouses. These systems handled temperature, humidity, and dew point. The warehouse stored various medicaments, and fluctuations in climate conditions could easily compromise their chemical stability. A minor change in storage environment might render certain drugs ineffective or harmful. Real-time values showed temperature zones, sensor readings, and programmable thresholds. All remotely adjustable from our end. Typically, we avoid targeting clinics, unless they are known to provide treatment to individuals identified as Russian war “veterans”.

Conclusion

This campaign confirmed what we have already known – when one company controls infrastructure for multiple clients without proper isolation, one breach is all it takes to take down multiple facilities. VKS LLC served as the brain of industrial systems across Russia, and by gaining access to that one brain, we got everything. Water utilities, cement production, medical warehouses, and communal services were all connected and completely exposed.

SCADA systems are often treated like internal tools that don’t need real security. But as we keep proving time and time again, these tools run real infrastructure. The failure to secure these systems means the failure to protect entire towns, factories, and hospitals.