Malware known as BlackEnergy is believed to have infected industrial control systems in numerous sectors, including the water sector. Three Human-Machine Interface products have been targeted in this campaign: GE Cimplicity, Advantech/Broadwin WebAccess and Siemens WinCC. Vulnerabilities in these products have served as the infection vectors for the malware. Observers believe the source of the malware is a Russian cyber-espionage group. Reportedly, as of yet, BlackEnergy has not been observed damaging, modifying or disrupting the systems it has infected, though some are concerned about its potential for doing so. WaterISAC has several resources for Pro members, including information to help identify whether the malware has infected networks.