Microsoft and the Cyberspace Solarium Commission 2.0 (CSC) have released a report addressing the growing threat to water and wastewater infrastructure cybersecurity.
Members using impacted Unitronics Vision or Samba PLCs are highly encouraged to apply VisiLogic version 9.9.00 to existing devices in your environment.
December 14, 2023
The U.S. cybersecurity landscape faces a critical challenge with the emergence of a highly resilient botnet operated by the China state-sponsored threat actor labeled Volt Typhoon. This botnet has ingeniously repurposed end of life Small Office/Home Office (SOHO) routers from Cisco, Netgear, and Fortinet, and set up a Tor-like covert data transfer network to perform malicious operations.
December 14, 2023
CISA has added language about Cisco VPNs being a possible initial access vector to the alert. Given the widespread use of Cisco products, WaterISAC is sharing this for situational awareness purposes.
June 2, 2022
The following posts are useful for general awareness of current threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
CISA Releases Seventeen Industrial Control Systems Advisories
In 2023, cyber threats to critical infrastructure, including the water and wastewater sector, surged, prompting integration of advanced technologies like artificial intelligence and machine learning. Encryption, anomaly detection, and multi-factor authentication strengthened defenses.
The following posts are useful for general awareness of current threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
CISA Releases Two Industrial Control Systems Advisories
Products are used across multiple sectors, please check these latest advisories for specific equipment used across your ICS environments and address accordingly.
Today, CISA, the FBI, the National Security Agency, and other international partners released a joint cybersecurity advisory (CSA), titled “Russian FSB Cyber Actor Star Blizzard Continues Worldwide Spear-phishing Campaigns,” to raise awareness of the specific spear-phishing techniques used by a Russian-based threat actor group known as Star Blizzard that targets individuals and organizations globally.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
