Cybersecurity

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins - April 26, 2022

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:

ICS Vulnerability Advisories:

Alerts, Updates, and Bulletins:

FBI FLASH - BlackCat/ALPHV Ransomware Indicators of Compromise

The FBI has published a TLP:WHITE FLASH providing indicators of compromise associated with BlackCat/ALPHV ransomware. The FLASH notes that BlackCat/ALPHV threat actors operate as a ransomware-as-a-service (RaaS) organization and since March 2022 have compromised at least 60 entities worldwide. The group is reportedly the first successful ransomware entity to employ the Rust programming language, which is considered to be more secure.

Joint Cybersecurity Advisory – Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure

The cybersecurity authorities of the U.S., Australia, Canada, New Zealand, and the United Kingdom have released a joint Cybersecurity Advisory (CSA) (AA22-110A) to warn organizations of the potential for increased Russian malicious cyber activity as a response to the unprecedented economic costs imposed on Russia as well as the materiel support provided by the U.S. and its allies and partners. Members are encouraged to review the advisory and immediately take action to protect against and mitigate this activity.

Security Awareness – Social Media Among Top Brands Impersonated in Phishing Attacks

Phishing attacks continue to be one of the most common entry vectors for threat actors. Brand impersonation attacks, in which adversaries attempt to mimic the website or domain of a well-known brand by using a similar domain name and a webpage designed like the actual site, remain one of the most pernicious forms of phishing. A recent report from the IT company Check Point identifies the top brands criminals impersonated in brand phishing attacks in the first quarter of 2022.

Security Awareness – Cyber Criminal Groups Expand Working Relationship

Security researchers have uncovered technological and financial links between the Karakurt cyber crime group and the Conti and Diavol ransomware gangs, allowing these threat actors to expand their operations and target additional victims. Karakurt is a financially motivated threat actor, first identified last summer, and it was previously believed that the group focused exclusively on data exfiltration. However, the group’s link to Conti and Diavol suggests it is expanding its tactics and operations.

Joint Cybersecurity Advisory – North Korean State-Sponsored APT Targets Blockchain Companies

The Cybersecurity and Infrastructure Security Agency (CISA), along with the FBI and the U.S. Department of the Treasury, has published a joint Cybersecurity Advisory on tactics, techniques, and procedures associated with a North Korean state-sponsored advanced persistent threat (APT) group, and warning that the group is targeting blockchain companies. This North Korean APT group, commonly tracked as the Lazarus Group, uses spear phishing and social engineering to trick individuals into downloading trojanized cryptocurrency applications onto their operating system.

Lockbit Attack on Regional US Agency Comes After Months of Access

Sophos has posted a blog providing an insightful look into the activity of threat actors loitering on victim networks before finally executing a Lockbit ransomware attack. Researchers described how an unknown threat actor spent over five months exploring a “regional US government agency’s” networks after gaining access to them. Their activity was initially amateurish and lackadaisical, before turning professional in the weeks before the ransom, potentially indicating that a novice attacker had penetrated the network and eventually sold the access to a more sophisticated group.