An investigation conducted by industrial cybersecurity firm Dragos into the recent cyberattack on the water treatment plant in Oldsmar, Florida, led to the discovery of a watering hole attack that initially appeared to be aimed at water utilities.

Law enforcement revealed in early February that a hacker had gained remote access to systems at the water plant in Oldsmar and attempted to elevate levels of a certain chemical to a point where it could put the public at risk of being poisoned.

The attacker abused TeamViewer, which staff at the plant had been using to monitor and control systems remotely. Due to password sharing and other poor security practices, it was easy for the hacker to gain access and start making unauthorized changes in an HMI. Fortunately, the breach was spotted — staff noticed the mouse moving on the screen — and a disaster was prevented.

Read more: Security Week