WaterISAC is sharing this (TLP:CLEAR) Private Industry Notification (PIN) for member awareness. The FBI is highlighting the HiatusRAT1 scanning campaigns against Chinese-branded web cameras and DVRs. Private sector partners are encouraged to implement the recommendations listed in the “Mitigation” column of the report to reduce the likelihood and impact of these attack campaigns.
CISA and the EPA recently released a joint fact sheet titled “Internet-Exposed HMIs Pose Cybersecurity Risks to Water and Wastewater Systems.” The fact sheet offers guidance to water and wastewater systems organizations on how to minimize the exposure of human-machine interfaces and protect them from cyber threats.
The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure Resilience
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS security advisories, along with additional alerts, updates, and bulletins:
ICS Advisories:
The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure Resilience & OT Vulnerability Management
The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), in partnership with CISA, provided updated guidance intended to aid procuring organizations and manufacturers of digital products and services in choosing and developing technology that is secure by design.
Researchers from Claroty’s Team82 have provided information about the custom-built IoT/OT malware called IOCONTROL which has been used by Iran-affiliated threat actors to attack Israel and U.S.-based OT/IoT devices.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS security advisories, along with additional alerts, updates, and bulletins:
ICS Advisories:
Vulnerability management is a critical process for reducing potential risks associated with security vulnerabilities for organizations of all sizes. Organizations that lack proper vulnerability management are significantly more likely to experience a breach. According to Verizon’s 2023 Data Breach Investigations Report, 60% of breaches involved vulnerabilities for which a patch was available but not applied.
Last week, the Cyber Readiness Institute (CRI), Foundation for Defense of Democracies (FDD), and Microsoft recently released an interim report detailing the findings from the first phase of the Cyber Readiness Program aimed at enhancing cybersecurity in small and medium-sized water and wastewater utilities across the nation.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
