The following posts are useful for general awareness of current threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure Resilience
HelloKitty is a ransomware group operated with a great deal of human interaction which has been active since November 2020. The groups’ notoriety comes from infiltrating corporate networks, stealing data, and encrypting systems to demand ransoms to include double extortion. One of their most significant attacks was on CD Projekt Red in February 2021, where they claimed to have stolen source code for games like Cyberpunk 2077 and Witcher 3. In the summer of 2021, they expanded their targets to include the VMware ESXi virtual machine platform using a Linux variant.
In recent weeks, there has been a significant increase in phishing scams specifically directed at USPS customers. One such elaborate operation involves SMS-based phishing attempts designed to trick recipients into divulging personal and financial data. These attacks utilize a fake USPS identity and mimic postal services in numerous countries worldwide.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
CISA Releases One Industrial Control Systems Advisory
Products are used across multiple sectors, please check these latest advisories for specific equipment used across your ICS environments and address accordingly.
CISA, the FBI, the National Security Agency, and the U.S. Department of the Treasury have released guidance on improving the security of open source software (OSS) in operational technology (OT) and industrial control systems (ICS).
The following posts are useful for general awareness of current threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure Resilience
On August 31, 2023, WaterISAC shared the JCSA about the coordinated law enforcement disruption of the Qakbot botnet infrastructure and how organizations could utilize known behaviors to detect and protect against Qakbot activity.
In a recent report from Menlo Security, it was discovered that “Indeed,” a widely recognized global job search platform headquartered in the U.S., boasting over 350 million monthly visitors and a global workforce of more than 14,000 employees, has become the focus of a significant phishing campaign. This campaign underscores the pervasive threat of abusing trust and how actors exploit credible and popular platforms.
According to a recent report from Malwarebytes, ransomware attacks don't typically originate as a fresh problem for organizations; instead, they are largely the grim culmination of unresolved network compromises and inefficient security controls. According to the report, threat actors gain initial access through stolen login credentials, deployed malware, or established backdoors. The report notes that the majority of reinfections stem from the failure to address underlying vulnerabilities that led to the initial breach and improper remediations.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
CISA Releases Three Industrial Control Systems Advisories
Products are used across multiple sectors, please check these latest advisories for specific equipment used across your ICS environments and address accordingly.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
