Cybersecurity

Joint Cybersecurity Advisory – Conti Ransomware

The Cybersecurity and Infrastructure Security Agency (CISA), along with the FBI, the National Security Agency (NSA), and the United States Secret Service (USSS), has re-released a joint Cybersecurity Advisory on Conti ransomware. The advisory was updated to include indicators of compromise. It also notes that Conti threat actors remain active and that reported Conti ransomware attacks against U.S. and international entities have grown to more than 1,000. The advisory also contains mitigation measures to reduce the risk of compromise by Conti ransomware.

Mitel MiCollab and MiVoice Business Express Applications Exploited for DDoS Amplification Attacks

In a recent Cloudflare blog post, security researchers from multiple companies warn of a new DDoS attack method they have named TP240PhoneHome. This method uses vulnerable versions of the Mitel MiCollab and MiVoice Business Express communications systems, which are largely employed by government and private sector organizations. The TP240PhoneHome method was first observed being used for DDoS attacks on February 18.

China’s APT41 Successfully Compromises Applications Used By At Least Six U.S. State Governments

In a recent blog post by Mandiant, security researchers detail techniques used by the Chinese state-sponsored threat actor APT41 against the government networks of multiple U.S. states between May 2021 and February 2022. During this period, the company observed the use of various zero-day vulnerabilities, including the notorious Log4j vulnerability, to successfully compromise applications used by at least six states.

U.S. EPA-WaterISAC Joint Notification on Protecting VSAT Networks and Communications

WaterISAC and the U.S. Environmental Protection Agency (EPA) are notifying water and wastewater systems about the recent cybersecurity advisory from the National Security Agency (NSA) regarding very small aperture terminal (VSAT) networks. A VSAT is a two-way ground station that transmits and receives data from satellites. VSAT is largely used to monitor and operate remote infrastructure, particularly when other options are not feasible.

Security Awareness – Beware of Russia-Ukraine Themed Phishing

Amidst Russia’s ongoing invasion of Ukraine, threat actors are using phishing emails related to the conflict to deliver malware and infect victim computers with remote access trojans (RATs). After installing RATs on a target system to gain remote access, adversaries can then steal sensitive information, conduct network reconnaissance, disable security software, and carry out other malicious activities. Security researchers at Bitdefender Labs are tracking two distinct phishing campaigns with themes leveraging the conflict. One campaign purports to be a survey about supply chain disruptions.

FBI PSA: FBI Warns of the Impersonation of Law Enforcement and Government Officials

The FBI has published a Public Service Announcement (PSA) detailing ongoing pervasive fraud schemes in which scammers impersonate law enforcement or government officials in order to extort money or steal personally identifiable information. These threat actors commonly spoof genuine phone numbers and names and use fake credentials of well-known government and law enforcement agencies. Scammers will use an urgent and aggressive tone and refuse to speak to or leave a message with anyone other than their targeted victim, according to the FBI.

FBI FLASH: RagnarLocker Ransomware Indicators of Compromise

The FBI has published a TLP:WHITE FLASH providing indicators of compromise associated with RagnarLocker ransomware. The FLASH indicates that since January 2022, RagnarLocker ransomware has targeted at least 52 organizations across 10 critical infrastructure sectors. According to the FBI, members of the RagnarLocker group work as part of a ransomware family and frequently alter obfuscation techniques to avoid detection and prevention. The FLASH includes further technical details regarding this activity and lists recommended mitigations.
