EPA’s new water sector cybersecurity evaluation program offers a free assessment of cybersecurity gaps or vulnerabilities in the operational technology (OT) used by public water systems (PWSs). It is intended to support a PWS sanitary survey as described in the EPA memorandum, Addressing Public Water System Cybersecurity in Sanitary Surveys or an Alternate Process.
Fortinet has written a blog discussing the use of the EvilExtractor tool in a March 2023 phishing campaign targeting networks in America and Europe. EvilExtractor is claimed to be a legitimate education tool, but researchers discovered it being advertised on criminal markets as an information stealer. EvilExtractor is modular, giving it many capabilities, including the ability to steal and upload data, wipe logs, and install ransomware.
Symantec has written a blog discussing the X_Trader software supply chain attack that impacted critical infrastructure organizations in the United States and Europe, including the energy and financial sectors. X_Trader, developed by Trading Technologies, is typically used for futures trading but a North Korean threat group has been linked to malicious versions utilized to deploy a multi-stage modular backdoor onto victims' systems.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Alerts, Updates, and Bulletins:
Ransomware attacks continued to be a significant threat to industrial organizations and infrastructure with threat actors employing old and novel tactics to compromise victims, according to Dragos’ most recent first quarter of 2023 Industrial Ransomware Analysis report.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Alerts, Updates, and Bulletins:
The Cybersecurity and Infrastructure Security Agency (CISA) has announced plans to develop and establish Logging Made Easy (LME) tool, a service originally developed and maintained by the United Kingdom’s National Cyber Security Centre (NCSC-UK) until March 31, 2023.
Microsoft has posted a blog providing details on Mint Sandstorm, a threat actor group previously labeled PHOSPHORUS and who is believed to be associated with the Islamic Revolutionary Guard Corps, the intelligence arm of Iran’s military. Over the past year, the group has shifted from network reconnaissance activities to actively targeting U.S. critical infrastructure, including the energy, transportation systems, and chemical sectors.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Qbot malware is once again propagating by exploiting companies email chains, allowing the threat actors behind the malware to compromise more victims and conduct other malicious activities, according to security researchers at Kaspersky.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
