The EPA Office of Inspector General (OIG) has issued a fraud alert regarding a recent trend involving phishing scams that utilize fraudulent EPA Notice of Violation letters. In this scheme, scammers send counterfeit letters to businesses, falsely claiming they have violated environmental regulations like the Clean Air Act and demanding immediate payment of substantial fines.
The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
CrowdStrike
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS security advisories, along with additional alerts, updates, and bulletins:
ICS Advisories:
Additional Alerts, Updates, and Bulletins:
Today, the EPA released a new resource, "Small System Risk and Resilience Assessment Checklist." This product is designed to assist and wastewater utilities in systematically evaluating threats posed by malevolent acts and natural disasters that could endanger their services. This guidance targets small water or wastewater systems that serve fewer than 50,000 residents.
In addition to other widespread phishing campaigns, there have been notable phishing attacks exploiting Microsoft tools over the last month. A recent campaign is leveraging Microsoft Forms, a tool within the Microsoft 365 product suite designed for collecting feedback and information through surveys, quizzes, and polls. WaterISAC is sharing this for member awareness of current threats in Microsoft tools.
A misconfiguration in Proofpoint’s email security system allows threat actors to send seemingly genuine emails without detection. This campaign, which has been active since January 2024, leverages well-known companies by spoofing their emails and circumventing major security protections, such as SPF and DKIM signatures. WaterISAC is sharing for security awareness as the exploit of Proofpoint’s email protections enables the widespread impersonation of well-known brands.
This post is provided for awareness with most of the content pulled directly from the reporting sources.
Today, CISA and partners released a joint Cybersecurity Advisory (CSA), North Korea Cyber Group Conducts Global Espionage Campaign to Advance Regime’s Military and Nuclear Programs. The advisory was crafted to highlight cyber espionage activity associated with the Democratic People’s Republic of Korea (DPRK)’s Reconnaissance General Bureau (RGB) 3rd Bureau based in Pyongyang and Sinuiju.
On Tuesday, Florida-based security awareness training company KnowBe4 reported that a North Korean agent, posing as a software engineer, managed to bypass its hiring background checks and spent the initial 25 minutes of employment trying to install malware on a company computer.
Technology plays an essential role in the security of any organization. While it’s important to utilize, and often rely on, security tools to keep our data and organizations safe, it’s important to remember that these same tools are not foolproof. As of late, threat actors have been observed using various tactics (some new) to bypass Secure Email Gateways (SEGs). As Jennifer Lyn Walker, WaterISAC’s Director of Infrastructure Cyber Defense said, “when technology fails to stop threats, we need to be able to recognize the threats that make it into our inboxes.”
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
