Cybersecurity

(TLP:CLEAR) CISA and Partners Release Cybersecurity Advisory on Medusa Ransomware

Summary: Yesterday, CISA—in partnership with the FBI and MS-ISAC—released a joint Cybersecurity Advisory, titled “#StopRansomware: Medusa Ransomware.” This advisory provides tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), and detection methods associated with known Medusa ransomware activity.

(TLP:CLEAR) Supplemental Cyber Highlights – March 13, 2025

The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.

Critical Infrastructure Resilience & OT/ICS Vulnerability Management

(TLP:CLEAR) MS-ISAC Releases New Report Highlighting the Critical Role of Information Sharing in National Security

Summary: MS-ISAC recently released a new report titled “Strengthening Critical Infrastructure,” highlighting the growing cyber threats to critical infrastructure and the essential role of information sharing between state and local government organizations in national security. The report brings awareness to a surge of attacks by nation-state-affiliated and other criminal groups targeting state, local, tribal, and territorial (SLTT) installations that often contribute to undermining public trust.

(TLP:CLEAR) FBI PSA: Beijing Leveraging Freelance Hackers and Information Security Companies to Compromise Computer Networks Worldwide

Summary: Yesterday, the FBI released a Public Service Announcement to highlight that the Chinese government is using formal and informal connections with freelance cyber threat actors and information security (InfoSec) companies to compromise computer networks worldwide. China’s government agencies are able to weaponize InfoSec companies by using their expertise to gain unauthorized access to victim networks to collect for China’s intelligence services.

(TLP:CLEAR) Silk Typhoon, Another Chinese-Affiliated Threat Actor, Targets IT Supply Chains

Summary: Yesterday, in a blog post, Microsoft Threat Intelligence shared new details about the Chinese-affiliated cyber threat actor known as Silk Typhoon. They warn that Silk Typhoon is targeting remote management tools and cloud services in supply chain attacks that give them access to downstream customers. Microsoft has confirmed breaches across multiple sectors including government, IT services, healthcare, defense, education, NGOs, and energy.

(TLP:CLEAR) Fake Browser Update Threats Observed on Water Industry-Related Websites

Summary: WaterISAC has been made aware of water industry-related websites that have been infected with SocGholish malware. Certain links on these websites have been observed re-directing users to fake browser update webpages. This is done to trick the user into downloading a payload which ultimately infects the system with SocGholish malware.

(TLP:CLEAR) Multiple Vulnerabilities in VMware ESXi, Workstation, and Fusion Could Allow for Local Code Execution

Summary: On March 3, 2025, Broadcom patched three actively exploited vulnerabilities affecting VMware ESXi, Workstation, and Fusion products that could lead to code execution and information disclosure. These vulnerabilities affect VMware ESXi versions 7.0 and 8.0, VMware Workstation 17.x, and VMware Fusion 13.x.

(TLP:CLEAR) INL Partners with the State of Florida to Safeguard Water Infrastructure Against Cyber Threats

Summary: The Idaho National Laboratory (INL) and the state of Florida are working together on an innovative cybersecurity project focused on safeguarding Florida’s water infrastructure from cyber threats. The Florida Institute for Cybersecurity Research at the University of Florida (UF) will lend support and expertise to the program.
