Russia Was Here

Hi Global Recap readers,

A hacker group tied to Russia reportedly seized control of a Norwegian dam for hours.

• People have suspected it for months, despite the government not confirming anything… until today.

• Of course these investigations take time, but why such a long delay? And is Russia the only one pulling stunts like this?

From Stuxnet to this dam takeover, let’s follow the trend. 👇

🌐 WORLD
Fast Scroll News

🇺🇸 Trump Threatens Putin

Trump just threatened "very severe" consequences if Putin refuses a Ukraine ceasefire after their Friday summit in Anchorage. He did not specify the measures, only that Russia would face them if the meeting came up empty.

• Timing: The summit is set for Friday in Anchorage, after today's Berlin-hosted virtual meeting where Zelenskyy joined European leaders and Trump.

• Follow-up: Trump floated a "quick second meeting" with Putin and Zelenskyy if Alaska goes "okay," while keeping timelines vague and Kyiv’s role ambiguous.

• Europe: Macron said Trump was "very clear" about prioritizing a ceasefire, and Germany’s Merz insisted Ukraine be at the table for any talks beyond Alaska.

• Advance: Russian troops are closing in on Pokrovsk in Donetsk, threatening Ukraine’s supply lines and leverage.

🇱🇧 Lebanon Confronts Iran

Lebanese President Joseph Aoun just warned Iran’s top security chief, Ali Larijani, that the days of armed groups getting a free pass are over. Not even Hezbollah is exempt. No one in Lebanon can carry weapons or cozy up to foreign backers, he said, making it clear that outside meddling is off the table.

• Meeting: Aoun told Ali Larijani, Iran’s National Security Council head, that foreign-backed militias are “forbidden” and sovereignty isn’t negotiable.

• Plan: The Lebanese cabinet approved a US-backed roadmap to disarm Hezbollah, aligning with UN Resolution 1701 from 2006, which called for Hezbollah’s disarmament but was never enforced.

• Pushback: Iran’s not on board, though its envoy Larijani vowed support anyway. Hezbollah slammed the roadmap as a “grave sin” and, alongside its Shiite allies, stormed out of the cabinet meeting when the vote came up.

🇮🇷 Iran Mocks Israel

Iran’s President, Masoud Pezeshkian, just publicly trashed Netanyahu’s offer to fix Iran’s water crisis, calling it a mirage. The rebuff followed Netanyahu’s Tuesday video urging Iranians to protest and promising Israeli expertise once Iran is “free.”

• Offer: Netanyahu pledged top water experts, desalination help, and said Israel recycles 90% of wastewater, with aid contingent on regime change.

• Rebuke: Pezeshkian fired back on X in Persian and English, saying, “A regime that deprives #Gaza of water and food now says it will bring water to Iran? A MIRAGE, NOTHING MORE."

• Shortages: Iran’s reservoirs have dropped, heat has strained the grid, rolling blackouts hit industry, offices were shut to save power, and Pezeshkian warned dams could be dry by September or October.

• Impact: Rolling blackouts have hit factories and forced government offices to shut down to save power.

🇨🇳 China Expels US Destroyer

China claims it just "expelled" the USS Higgins from waters near Scarborough Shoal after a tense face-off. This is the most serious US-China naval clash in the South China Sea since 2022.

• Ships: Arleigh Burke–class USS Higgins sailed with the smaller combat ship USS Cincinnati during the patrol near the shoal.

• Claims: China’s Southern Theater Command accused the US of "seriously" violating sovereignty and security.

  • The US countered that the ship was operating lawfully and would "fly, sail, and operate wherever international law allows (...) Nothing China says otherwise will deter us."

• Location: Scarborough Shoal, known as Bajo de Masinloc in the Philippines and Huangyan Dao in China, sits off Luzon and has been a recurring flashpoint.

🇳🇴 NORWAY
Four-Hour
Dam Takeover

Norway just admitted during a presentation on pro-Russian cyber operations that pro-Russian hackers briefly ran a dam in Bremanger in April, opening a valve for hours to make a point. This is a hybrid warfare theater by design, a sabotage meant to signal capability more than cause damage.

What Happened

• Incident: On April 7 in Bremanger, western Norway, attackers opened a valve and kept it running for about four hours before operators intervened.

• Scale: Flow hit roughly 500 liters (132 gallons) per second.

• Impact: There were no injuries or flooding. Thankfully, the dam is not used for energy production, which limits its broader impact.

• Method: Investigators point to an internet-exposed Human-Machine Interface (HMI) guarded by a weak password, allowing direct process control until staff reversed the change.

  • Put simply: a single weak password on a web-facing interface yielded "full process control," not just visibility, for hours.

Attribution

• Security chief Beate Gangås said pro-Russian hackers were behind it, framing rising attacks as meant to "demonstrate what they are capable of."

• She went public "to be prepared," adding, "Our Russian neighbor has become more dangerous."

• The Russian embassy called the claims "unfounded and politically motivated."

• Apparently, a Telegram clip was going around that supposedly showed the control panel sporting a pro-Russian mark during the incident, but I couldn’t track it down.

Why This Tactic

• Officials believe this is less about causing real damage right now and more about spreading fear and swaying opinions.

  • They point to a case in Texas back in January 2024 as part of the pattern. In that incident, a Russian-linked hacktivist group broke into the water system in the small town of Muleshoe, making a storage tank overflow until workers had to shut it off by hand.

• State actors use proxy groups to say, in effect, "look what we can do," then play dumb later.

• Some believe these attacks are just warm-ups for something bigger later. But then, why make them so obvious? You could just as easily tinker with the infrastructure discretely to validate your capabilities and never set off a single alarm.

Stuxnet

If you really want to practically damage an infrastructure under the radar, you need to do it like Stuxnet.

• First spotted in 2010, Stuxnet was a precision-engineered computer worm built to slip into Iran’s Natanz uranium enrichment plant and quietly tear apart centrifuges.

• Analysts believe it wrecked about 1,000 of the facility’s roughly 6,000 centrifuges over several months before anyone caught on.

• How did it do this? Subtly tweaking rotor speeds while feeding fake data to operators so nothing looked wrong, effectively slowing Iran’s nuclear progress by years.

• The worm is thought to have arrived via infected USB drives, jumping an air-gapped network. It exploited multiple zero-day flaws in Windows, took over Siemens Step7 PLCs, rewrote controller logic, and altered spin rates, all while keeping control-room displays perfectly normal.

• Security experts almost universally point to a joint US-Israeli operation, but neither country has ever officially claimed credit..

Weak Public Infrastructure

But this isn't unique to this particular dam. This only exposes a larger trend of chronic weaknesses in public infrastructure security, rooted in outdated design and poor cyber hygiene.

• Legacy Design: Many operational-technology (OT) systems were built for uptime, not cybersecurity, relying on physical isolation that no longer exists once connected to IT networks.

• Insecure by Design: Reviews reveal trivial yet exploitable flaws in nearly all legacy OT platforms, including hard-coded passwords and unauthenticated controls.

• Exposure: Nearly 70,000 OT devices are currently Internet-accessible globally, many of which run unpatched firmware with publicly visible HMI/Supervisory Control and Data Acquisition (SCADA) interfaces.

• Vendor Lock-In: Proprietary protocols and hardware make patching and integrating modern defenses difficult.

• Poor Practices: Weak or default passwords, missing MFA, and unsecured interfaces remain common and easily exploited.