While CISA assess that there are not currently any specific credible threats to the U.S. homeland, all organizations are urged to be mindful of the potential for the Russian government to consider escalating its destabilizing actions in ways that may impact others outside of Ukraine.
The FBI and the U.S. Secret Service have published a TLP:WHITE Joint Cybersecurity Advisory providing indicators of compromise and other information concerning BlackByte ransomware. The advisory notes that since November 2021, multiple U.S. and foreign organizations have been compromised by BlackByte, including in at least three U.S. critical infrastructure sectors. BlackByte is a Ransomware as a Service (RaaS) group that encrypts files on compromised Windows hosts systems.
As geopolitical tensions continue to escalate regarding Russia and Ukraine, multiple federal agencies continue emphasizing the importance for all organizations to remain vigilant, implement cybersecurity measures, and be prepared to respond to disruptive cyber attacks.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
The Cybersecurity and Infrastructure Security Agency (CISA), along with the FBI, National Security Agency (NSA), Australian Cyber Security Centre (ACSC), and the United Kingdom’s National Cyber Security Centre (NCSC-UK), just published a joint Cybersecurity Advisory outlining the growing international threat posed by ransomware over the past year. The advisory, 2021 Trends Show Increased Globalized Threat of Ransomware, summarizes the top ransomware trends observed across all three countries.
The FBI has published a Public Service Announcement (PSA) regarding the increasing practice of Subscriber Identity Module (SIM) swapping by criminals to steal money from fiat and virtual currency accounts. In 2021 alone, the FBI received 1,611 SIM swapping complaints with losses of more than $68 million. According to the FBI, “SIM swapping is a malicious technique where criminal actors target mobile carriers to gain access to victims' bank accounts, virtual currency accounts, and other sensitive information.
Qbot/Qakbot remains one of the most widespread malware variants. A new report from researchers at DFIR reveal that Qbot is used to steal sensitive data and execute other malign tasks in a very short time frame. Qbot, which WaterISAC reported on last year, is a highly modular malware used for many nefarious activities such as credential harvesting and dropping ransomware. Qbot usually spreads via phishing emails.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Alerts, Updates, and Bulletins:
The FBI has published a TLP:WHITE FLASH providing indicators of compromise associated with LockBit 2.0 ransomware. The FLASH indicates LockBit 2.0 threat actors operate as an affiliate run Ransomware-as-a-Service (RaaS) and employ a wide variety of tactics, techniques, and procedures (TTPs), creating significant challenges for defense and mitigation. Some techniques these threat actors include, but are not limited to, purchased access, unpatched vulnerabilities, insider access, and zero day exploits.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
