Summary: Yesterday, the FBI released a Public Service Announcement (PSA) providing an update to previously shared guidance regarding the Democratic People’s Republic of Korea (North Korea) IT worker threat to U.S. organizations. The PSA shares how North Korea is evading U.S. and U.N. sanctions by targeting private companies to illicitly generate substantial revenue for the regime.
Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware.
The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure Resilience
ICS Advisories:
On July 24, 2025, CISA Released Six Industrial Control Systems Advisories for products used across multiple sectors, please check these latest advisories for specific equipment used across your ICS/SCADA environments and address accordingly:
Summary: WaterISAC and its Champion ThreatSTOP hosted a dedicated webinar on strengthening cyber resilience in the water sector on Wednesday, July 23. In the session, Dr. Paul Mockapetris, inventor of DNS and ThreatSTOP’s Chief Scientist, detailed the origin of ThreatSTOP and explained how the platform was purpose built to solve the systemic cybersecurity challenges facing critical infrastructure like the water sector.
July 22, 2025
ACTION MAY BE REQUIRED by utilities using impacted on-premises Microsoft SharePoint Server.
Summary: WaterISAC is pleased to share that the American Water Works Association (AWWA), with the help of many subject matter experts (SMEs) within the water sector including WaterISAC, has released significant updates and revisions to its cybersecurity resources to aid utilities in building their cyber resilience. This comes as water and wastewater systems in the U.S.
Summary: Proof-of-Concept (PoC) exploits have been released for a vulnerability in Fortinet FortiWeb that WaterISAC drew awareness to in last week’s SRU.
The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure Resilience
ICS Advisories:
On July 17, 2025, CISA Released Three Industrial Control Systems Advisories for products used across multiple sectors, please check these latest advisories for specific equipment used across your ICS/SCADA environments and address accordingly:
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
