Nation-state attackers from Iran, Russia, and China have been targeting water systems for sabotage, exploiting vulnerabilities such as weak passwords, exposed programmable logic controllers (PLCs), and poor network segmentation. These attacks do not rely on sophisticated malware, but rather on the weaknesses of the systems themselves. That they have succeeded using relatively simple methods is a concern, as it highlights the lack of robust security measures protecting these critical infrastructure systems. A recent breach involving China is particularly noteworthy, as it suggests that the tactics, techniques, and procedures (TTPs) used by these attackers are evolving [1]. This shift in attack methods may have significant downstream effects, including regulatory changes and supply-chain disruptions. Practitioners in the field should be vigilant and take steps to bolster the security of their systems, as the potential consequences of a successful attack could be severe. What matters most is that water system operators take immediate action to address these vulnerabilities and prevent potential sabotage.
Iran, Russia, China Target Water Systems for Sabotage
⚠️ Critical Alert
Why This Matters
A breach involving China signals evolving attack methods — watch for downstream regulatory and supply-chain effects.
References
- Dark Reading. (2026, June 29). Iran, Russia, China Target Water Systems for Sabotage. *Dark Reading*. https://www.darkreading.com/ics-ot-security/iran-russia-china-target-water-systems-sabotage
Original Source
Dark Reading