Cyber Threat Awareness – Cyber Threat Actors Never Pass Up a Crisis
From destructive wipers to malware disguised as anti-virus software, Ukraine is suffering cyber attacks against its own infrastructure and organizations.
The BazarBackdoor malware has been observed spreading via corporate website contact forms rather than its typical phishing email attack chain, allowing it to evade security software.
The Qbot/Qakbot malware is “extremely active” and propagating itself via a new phishing campaign, according to security researchers. The botnet, which WaterISAC has reported on numerous times, is a highly modular malware used for many malign activities such as credential harvesting and dropping ransomware.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Alerts, Updates, and Bulletins:
Approved by the House of Representatives on March 9, 2022 and the Senate on March 10 as Division Y of H.R. 2471, the Consolidated Appropriations Act of 2022.
Brief summary:
The Cybersecurity and Infrastructure Security Agency (CISA), along with the FBI, the National Security Agency (NSA), and the United States Secret Service (USSS), has re-released a joint Cybersecurity Advisory on Conti ransomware. The advisory was updated to include indicators of compromise. It also notes that Conti threat actors remain active and that reported Conti ransomware attacks against U.S. and international entities have grown to more than 1,000. The advisory also contains mitigation measures to reduce the risk of compromise by Conti ransomware.
Since November of last year, the infamous Emotet malware has slowly resurged in the wild, currently infecting more than 130,000 systems in 179 countries. Emotet activity ceased in January 2021, after law enforcement agencies took down its server infrastructure.
In a recent Cloudflare blog post, security researchers from multiple companies warn of a new DDoS attack method they have named TP240PhoneHome. This method abuses vulnerable versions of the Mitel MiCollab and MiVoice Business Express communications systems, which are widely deployed by government and private sector organizations. The TP240PhoneHome method was first observed being used in DDoS attacks on February 18.
In a recent blog post by Mandiant, security researchers detail techniques used by the Chinese state-sponsored threat actor APT41 against the government networks of multiple U.S. states between May 2021 and February 2022. During this period, the company observed the use of various zero-day vulnerabilities, including the notorious Log4j vulnerability, to successfully compromise applications used by at least six states.