The infamous malware botnet Emotet continues to resurge and propagate through persistent scams. Recently, Emotet was observed in a campaign leveraging tax season themed lures and impersonating the IRS to trick victims into downloading the malicious botnet. In these new campaigns, Emotet threat actors send out supposed “tax documents” for recipients to view or fill out and return to the sender.
The FBI and the Department of the Treasury released a joint Cybersecurity Advisory (CSA) detailing indicators of compromise associated with AvosLocker ransomware. AvosLocker operates as a Ransomware-as-a-Service (RaaS) affiliate-based group and has targeted several critical infrastructure sectors in the U.S. and across the world, including government facilities.
For several months the White House, Cybersecurity and Infrastructure Security Agency (CISA), and other federal partners have been warning all U.S. organizations to be prepared for the potential for Russian state-sponsored cyber activity against our businesses and national critical infrastructure. The preparedness guidance has been informed by historical activity and incidents from Russian adversaries and issued out of an abundance of caution, until now.
Security researchers have identified a new Ransomware-as-a-Service (Raas) family dubbed LokiLocker that has been active in the wild since August 2021. The ransomware employs file encryption to extort its victims and data wiping capabilities that can make an infected device unusable if a victim fails to pay the ransom. To obfuscate its activities, LokiLocker displays a fake Windows Update screen and disables multiple Windows security applications. It also deletes backup files and shadow copies to prevent data recovery.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Alerts, Updates, and Bulletins:
Yesterday, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) released a joint Cybersecurity Advisory (CSA) – Russian State-Sponsored Cyber Actors Gain Network Access by Exploiting Default Multifactor Authentication Protocols and “PrintNightmare” Vulnerability (AA22-074A) – to warn organizations that Russian state-sponsored cyber actors have gained network access through exploitatio
From destructive wipers and malware disguised as anti-virus, Ukraine is suffering from cyber attacks against its own infrastructure and organizations.
The BazarBackdoor malware has been observed spreading via corporate website contact forms rather than its typical phishing email attack chain, allowing it to evade security software.
The Qbot/Qakbot malware is “extremely active” and propagating itself via a new phishing campaign, according to security researchers. The botnet, which WaterISAC has reported on numerous times, is a highly modular malware used for many malign activities such as credential harvesting and dropping ransomware.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Alerts, Updates, and Bulletins:
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
