
Cybersecurity

House Committee Releases Cyber Threat Snapshot - Cites Water Sector Incidents and Rising Nation-State Threats

The House Committee on Homeland Security released a “Cyber Threat Snapshot” examining the growing threats posed by malign nation-states and criminal networks to U.S. critical infrastructure. The snapshot particularly focuses on the threats posed by the Chinese-affiliated threat groups Volt Typhoon and Salt Typhoon, as well as the Iranian Islamic Revolutionary Guard Corps, both of which have been known to target the water sector.

Threat Awareness – Phishing Campaign Uses REMCOS RAT to Exploit Victims

Researchers at Fortinet have identified a phishing campaign in which threat actors are using a new variant of the REMCOS (Remote Control System) remote access trojan (RAT). The phishing emails are intended to trick victims into opening a malicious Excel attachment disguised as an order file. Once opened, the document exploits a vulnerability that sets off an infection chain, ultimately leading to the delivery of a fileless variant of REMCOS.

Joint Advisory – 2023 Top Routinely Exploited Vulnerabilities

Today, CISA, the National Security Agency (NSA), the FBI, and international partners published a joint Cybersecurity Advisory (CSA), 2023 Top Routinely Exploited Vulnerabilities. As in prior years, this effort highlights multiple vulnerabilities that threat actors are routinely exploiting on devices and software that remain unpatched or are no longer supported by a vendor.

OT/ICS Cyber Resilience – PLCHound: A Significant Improvement for Identifying Internet-Exposed ICS Systems

A research team from the Georgia Tech School of Electrical and Computer Engineering has developed an algorithm that improves upon previous methods of identifying internet-exposed ICS devices, in this case PLCs. Dubbed PLCHound, the new algorithm uses advanced language processing and machine learning techniques to identify devices. According to the researchers, PLCHound enabled them to identify 37 times more internet-connected PLCs than were previously estimated.
