Awareness - WaterISAC, EPA Featured in Recent Article
In a recent publication, GovTech magazine emphasized the cybersecurity threats facing critical infrastructure. One of the focuses of the article was water and wastewater systems.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS security advisories, along with additional alerts, updates, and bulletins:
ICS Advisories:
The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure Resilience
Security researchers have identified a new ransomware group named "Cicada3301," linked to the ALPHV/BlackCat variant and the Brutus botnet. Cicada3301 has been observed targeting VMware ESXi environments, aiming to disrupt virtual machines by shutting them down, deleting snapshots, and encrypting data. The group's first data leak site post appeared on June 25, followed by an invitation for new affiliates to join on the cybercrime forum Ramp. WaterISAC is sharing for broader awareness of threat actor groups and tactics.
Given the constantly evolving nature of the ransomware landscape, it is essential to keep abreast of the latest trends and tactics employed by threat actors. Recent observations, such as cybercriminal operations adapting to increased competition, criminal structures shifting in light of law enforcement action, and a lack of trust among ransomware affiliates, highlight the ever-changing nature of this growing threat.
The following five recently observed developments within the ransomware landscape underscore some of the current notable shifts within the ecosystem:
CISA has announced the transition of its cyber incident reporting form to a new CISA Services Portal, aimed at enhancing the reporting process. WaterISAC joins CISA in reminding members of the importance of reporting incidents, as it benefits not only their utility but also the entire sector and wider community.
Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware.
Critical Infrastructure Vulnerabilities & Threats
Yesterday, cybersecurity firm Censys shared live search queries showing hundreds of potentially exposed Versa Director servers (CVE-2024-39717) presenting an open attack surface for threat actors.