In response to recent events where unidentified cyber actors obtained unauthorized access to the supervisory control and data acquisition (SCADA) system at a U.S. drinking water treatment facility, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation, the Environmental Protection Agency (EPA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) have released joint Cybersecurity Advisory AA21-042A: Compromise of U.S. Water Treatment Facility. This advisory outlines how cybercriminals exploit desktop sharing software and end-of-life operating systems to gain unauthorized access to systems.
