On Tuesday, the Michigan Department of Environment, Great Lakes, and Energy (EGLE) unveiled an initiative aimed at enhancing cybersecurity preparedness for drinking water and wastewater treatment operators throughout Michigan. This initiative intends to establish a comprehensive strategy that bolsters operators' resilience against both online and offline threats.
In a recent publication, GovTech magazine emphasized the cybersecurity threats facing critical infrastructure. One of the focuses of the article was water and wastewater systems.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS security advisories, along with additional alerts, updates, and bulletins:
ICS Advisories:
The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure Resilience
Security researchers have identified a new ransomware group named "Cicada3301," linked to the ALPHV/BlackCat variant and the Brutus botnet. Cicada3301 has been observed targeting VMware ESXi environments, aiming to disrupt virtual machines by shutting them down, deleting snapshots, and encrypting data. The group's first data leak site post appeared on June 25, followed by an invitation for new affiliates to join on the cybercrime forum Ramp. WaterISAC is sharing for broader awareness of threat actor groups and tactics.
Given the constantly evolving nature of the ransomware landscape, it is essential to keep abreast of the latest trends and tactics employed by threat actors. Recent observations such as adapting cybercriminal operations to increased competition, shifting criminal structures in light of law enforcement action, as well as lack of trust among ransomware affiliates highlight the ever-changing nature of this growing threat.
The following five recently observed developments within the ransomware landscape underscore some of the current notable shifts within the ecosystem:
CISA has announced the transition of its cyber incident reporting form to a new CISA Services Portal, aimed at enhancing the reporting process. WaterISAC joins CISA in reminding members of the importance of reporting incidents as it benefits not only their utility but the entire sector and wider community as a whole.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS security advisories, along with additional alerts, updates, and bulletins:
ICS Advisories:
Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware.
The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure Vulnerabilities & Threats
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
