The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure Resilience
Summary: April is Supply Chain Integrity Month, providing an opportunity for government, industry, and other stakeholders to increase collaboration and the sharing of best practices, risk mitigation strategies, and innovative solutions to safeguard supply chains from threats such as cyberattacks, counterfeiting, and disruptions. This year, CISA is promoting resources, tools, and information divided into four themes that help partners and stakeholders increase ICT supply chain resilience.
Summary: Wired published a recent article featuring a deep dive into the Iranian state-backed hacktivist group known as the CyberAv3ngers, stating “The group known as CyberAv3ngers has, in the last year and a half, proven to be the Iranian government's most active hackers focused on industrial control systems. Its targets include water, wastewater, oil and gas, and many other types of critical infrastructure.” The article provides an overview of the group’s history targeting critical infrastructure, giving an analysis of their tactics and capabilities.
Members using Fortinet FortiGate / FortiOS with SSL-VPN enabled are encouraged to review this notification and address accordingly.
What you need to know: Fortinet warns that threat actors are using a post-exploitation technique that helps them maintain read-only access to previously compromised FortiGate VPN devices even after the original attack vector was patched.
April 7, 2025
Summary: Google Cloud and CyberScoop have recently shared additional information indicating an expanding effort in scope and scale from the threat of Democratic People’s Republic of Korea (DPRK) IT workers infiltrating businesses in the U.S. and abroad for over a year.
Summary: Today, CISA—in partnership with the NSA, FBI, Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), Canadian Centre for Cyber Security (CCCS), and New Zealand’s National Cyber Security Centre (NCSC-NZ)—released a joint Cybersecurity Advisory “Fast Flux: A National Security Threat.” This advisory warns organizations, internet service providers (ISPs), and cybersecurity service providers of the ongoing threat of fast flux enabled mal
Summary: CISA has published a Malware Analysis Report (MAR) with analysis and associated detection signatures on a new malware variant CISA has identified as RESURGE. RESURGE contains capabilities of the SPAWNCHIMERA malware variant, including surviving reboots; however, RESURGE contains distinctive commands that alter its behavior.
The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure Resilience
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS security advisories, along with additional alerts, updates, and bulletins:
ICS Advisories:
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
