The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
The FBI has published another TLP:WHITE FLASH providing indicators of compromise associated with “Hive” ransomware. The Flash indicates that Hive ransomware, which was first discovered in June 2021 and likely operates as an affiliate-based ransomware campaign, primarily employs phishing tactics and remote desktop protocol (RDP) attacks to infiltrate a company’s network. After compromising a network, attackers exfiltrate data and encrypt files on the network before leaving a ransom note with further instructions.
WaterISAC convened its monthly Water Sector Cyber Threat Briefing on August 25. WaterISAC Infrastructure Cyber Defense Director Jennifer Lyn Walker presented.
Utilities using the following SSL VPN products within their environment are strongly encouraged to apply all available patches: Pulse Connect Secure SSL VPN, Fortinet Fortigate SSL VPN, and Citrix Application Delivery Controller (ADC), Gateway and SD-WAN WANOP.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Today, virtually everyone shops online and expects electronic notifications from package couriers regarding order status. That’s why a recently discovered phishing campaign, purporting to be an email from UPS, could have potentially traversed inboxes. The email states that the person’s package had an “exception” and directs them to download an invoice for pickup. Additionally, the email is filled with multiple legitimate links that mask its malicious intent.
The FBI has published a TLP:WHITE FLASH providing indicators of compromise associated with the “OnePercent Group” ransomware. According to the FBI, the OnePercent group has used Cobalt Strike to perpetrate ransomware attacks against U.S. companies since November 2020. The group compromises victims through a phishing email containing an attachment that infects the system with the IcedID banking trojan. IcedID downloads additional software, to include Cobalt Strike. Cobalt Strike then moves laterally in the network, primarily with PowerShell remoting.
Organizations that have still not addressed the Microsoft Exchange vulnerabilities from May 2021 and the PetitPotam vulnerability from July 2021 could find themselves victim to recent exploitation activity, including the deployment of ransomware. This past weekend, the Cybersecurity and Infrastructure Security Agency (CISA) issued an urgent alert warning Microsoft Exchange users to patch servers against actively exploited ProxyShell vulnerabilities.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Alerts, Updates, and Bulletins:
In Maine, two public wastewater facilities recently succumbed to ransomware attacks. The attacks occurred in the towns of Mount Desert Island and Limestone over the holiday weekends in April and July, respectively. Both incidents were “fairly minor, there was no threat to the public, there was no violation, no excursion, no health and safety threat,” according to Judy Bruenjes, a wastewater technical assistance engineer for Maine’s Department of Environmental Protection. In the Limestone incident, an outdated computer running Windows 7 was compromised.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
