New to read: H(ackers)2O: Attack on City Water Station Destroys Pump. That article is what it is, and I can’t add too much to it other than the note that vendors need to start looking out. To get into target systems, attackers are now going after the systems and access that vendors hold, rather than just directly at a target. RSA is a prime example from early this year. In other words, you might become a target depending on your clients.
Incidentally, taking a very similar approach to classic espionage. (I’ve found this to be a common parallel with today’s nation-state-oriented attackers, i.e. The APT. We shouldn’t be surprised by any of this.)