Hi All,
SUMMARY
Note: This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge
(ATT&CK®) framework, version 9. See the ATT&CK for Enterprise.
This joint advisory is the result of analytic efforts between the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Agency (CISA),
the Environmental Protection Agency (EPA), and the National Security Agency (NSA) to highlight ongoing malicious cyber activity-by both known and
unknown actors-targeting the information technology (IT) and operational technology (OT) networks, systems, and devices of U.S. Water and
Wastewater Systems (WWS) Sector facilities. This activity-which includes attempts to compromise system integrity via unauthorized access-threatens
the ability of WWS facilities to provide clean, potable water to, and effectively manage the wastewater of, their communities. Note: although cyber threats across critical infrastructure sectors are increasing, this advisory does not intend to indicate specific targeting of the WWS Sector versus others. To secure WWS facilities-including Department of Defense (DoD) water treatment facilities in the United States and abroad-against the TTPs listed below, CISA, FBI, EPA, and NSA strongly urge
organizations to implement the measures described in the Recommended Mitigations section of this advisory.
------------------------------
Michael Roza CPA, CISA, CIA, MBA, Exec MBA
------------------------------