The Qbot/Qakbot malware is “extremely active” and propagating itself via a new phishing campaign, according to security researchers. The botnet, which WaterISAC has reported on numerous times, is a highly modular malware used for many malign activities such as credential harvesting and dropping ransomware.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Alerts, Updates, and Bulletins:
Approved by the House of Representatives on March 9, 2022 and the Senate on March 10 as Division Y of H.R. 2471, the Consolidated Appropriations Act of 2022.
Brief summary:
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
The Cybersecurity and Infrastructure Security Agency (CISA), along with the FBI, the National Security Agency (NSA), and the United States Secret Service (USSS) have re-released a joint Cybersecurity Advisory on Conti ransomware. The advisory was updated to include indicators of compromise. It also notes that Conti threat actors remain active and reported Conti ransomware attacks against U.S. and international entities have grown to more than 1,000. The advisory also contains mitigation measures to reduce the risk of compromise by Conti ransomware. \
Since November of last year, the infamous Emotet malware has slowly resurged in the wild, currently infecting more than 130,000 systems in 179 countries. Emotet activity ceased in January 2021, after law enforcement agencies took down its server infrastructure.
In a recent Cloudflare blogpost, security researchers from multiple companies warn of a new DDoS attack method they have named TP240PhoneHome. This method utilizes vulnerable versions of the Mitel MiCollab and MiVoice Business Express communications systems, which are largely employed by government and private sector organizations. The TP240PhoneHome method was first observed utilized for DDoS attacks on February 18.
In a recent blog post by Mandiant, security researchers detail techniques used by the Chinese state-sponsored threat actor APT41 against the government networks of multiple U.S. states between the months of May 2021 and February 2022. During this period, the company observed the use of various zero day vulnerabilities, including the notorious Log4j vulnerability, to successfully compromise applications used by at least six states.
WaterISAC and the U.S. Environmental Protection Agency (EPA) are notifying water and wastewater systems about the recent cybersecurity advisory from the National Security Agency (NSA) regarding very small aperture terminal (VSAT) networks. A very small aperture terminal (VSAT) is a two-way ground station that transmits and receives data from satellites. VSAT is largely used to monitor and operate remote infrastructure, particularly when other options are not feasible.
Amidst Russia’s ongoing invasion of Ukraine, threat actors are using phishing emails related to the conflict to deliver malware and infect victim computers with remote access trojans (RAT). After installing RATs on a target system to gain remote access, adversaries can then steal sensitive information, conduct network reconnaissance, disable security software, and other malicious activities. Security researchers at Bitdefender Labs are tracking two distinct phishing campaigns with themes leveraging the conflict. One campaign purports to be a survey about supply chain disruptions.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
