New CTI/OT Lab: Norwegian Dam Compromise: Campaign Analysis
Today, Immersive's Container 7 Research Team have released a new CTI/OT lab covering how an attacker gained access to a WebUI to open a water valve of a dam in Norway.
We have received reports of a cyber incident that occurred at the Lake Risevatnet Dam, near Svelgen, Norway, in April 2025. A threat actor gained unauthorized access to a web-accessible Human-Machine Interface (HMI) and fully opened a water valve at the facility. This resulted in an excess discharge of 497 liters per second above the mandated minimum water flow, which persisted for four hours before detection.
This attack highlights a dangerous reality: critical OT systems are increasingly exposed to the internet, making them accessible to threat actors. In this case, control over a dam’s valve system was obtained via an insecure web interface, a scenario that could have had even more severe consequences.
A recent report by Censys identified over 400 exposed web-based interfaces across U.S. water utilities alone. This dam incident in Norway exemplifies the tangible risks posed by such exposures.
In this lab, you will be taken through the attack from an offensive viewpoint, including cracking an HMI and fully opening two valves.
Why should our customers care?
OT environments, including dams, energy grids, and oil pipelines, are foundational to national security and daily life.
These systems cannot be secured using traditional IT playbooks. As OT becomes more connected, tailored security strategies are critical to prevent unauthorized access and catastrophic failures.
Who is it for?
- Incident Responders
- SOC Analysts
- Threat Hunters
- Red Teamers
- Penetration Testers
- OT Engineers
Here is the link to the lab: https://immersivelabs.online/v2/labs/norwegian-dam-compromise-campaign-analysis