In May, U.S. officials began hinting at a heightened concern level for the potential of disruptive cyber attacks against U.S. critical infrastructure from China. The activity was attributed to a group that Microsoft tracks as Volt Typhoon.
The following posts are useful for general awareness of current threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
ICS/OT/SCADA
Dragos continues tracking ransomware incidents impacting industrial organizations and has published its latest findings for Q2 2023. Overall, ransomware activity targeting industrial organizations and infrastructure is sustaining its trend upward resulting in more incidents and new or rebranded threat groups compared to last quarter. Dragos called it “an exceptionally active period” and assesses with moderate confidence that the current trend will continue.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
CISA Releases One Industrial Control Systems Advisory
Products are used across multiple sectors, please check these latest advisories for specific equipment used across your ICS environments and address accordingly.
The Australian Cyber Security Centre, the U.S. Cybersecurity and Infrastructure Security Agency, and the U.S. National Security Agency have released a joint Cybersecurity Advisory to warn vendors, designers, and developers of web applications and organizations using web applications about insecure direct object reference (IDOR) vulnerabilities.
Dark Reading has written an article discussing Abyss Locker’s recent addition of the capability to target VMware’s ESXi virtualized environments for encryption, increasing risks for ICS owners and operators.
A recently discovered initial access malware family dubbed Nitrogen exploits Google and Bing search advertisements to promote fake software webpages that can infect victims with Cobalt Strike and ransomware payloads, according to security researchers at Sophos.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
CISA is working with Sector Risk Management Agencies (SRMAs) to directly engage with each critical infrastructure sector to develop Sector-Specific Goals (SSGs). In most instances, these goals will likely consist of either new, unique goals with direct applicability to a given sector, or materials to assist sector constituents with effective implementation of the existing cross-sector CPGs.
CISA has released an analysis and infographic detailing the findings from the 121 Risk and Vulnerability Assessments (RVAs) conducted across multiple critical infrastructure sectors in fiscal year 2022 (FY22).
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
