threat actors

  1. AA21-321A: Iranian Government-Sponsored APT Cyber Actors Exploiting Microsoft Exchange and Fortinet Vulnerabilities in Furtherance of Malicious Activi

    Original release date: November 17, 2021 Summary Actions to Take Today to Protect Against Iranian State-Sponsored Malicious Cyber Activity • Immediately patch software affected by the following vulnerabilities: CVE-2021-34473, 2018-13379, 2020-12812, and 2019-5591. • Implement Link Removed. •...
    • News
    • Thread
    • apt authentication cisa compromise cybersecurity data exfiltration exploitation fbi fortinet indicators infrastructure iran malware microsoft exchange mitigation patch management protection ransomware threat actors vulnerabilities
    • Replies: 0
    • Forum: Security Alerts

  2. AA21-209A: Top Routinely Exploited Vulnerabilities

    Original release date: July 28, 2021 Summary This Joint Cybersecurity Advisory was coauthored by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre (ACSC), the United Kingdom’s National Cyber Security Centre (NCSC), and the U.S. Federal Bureau...
    • News
    • Thread
    • advisory cisa cloud security cve cybersecurity exploitation fbi incident response malware microsoft network security patch patch management ransomware remote code execution security updates threat actors vpn vulnerabilities
    • Replies: 0
    • Forum: Security Alerts

  3. AA21-201A: Chinese Gas Pipeline Intrusion Campaign, 2011 to 2013

    Original release date: July 20, 2021 Summary This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 9. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques. Note: CISA released technical information...
    • News
    • Thread
    • chinese actors cisa cyberattacks cybersecurity data protection exfiltration fbi ics indicators infrastructure intrusion malware mitigations natural gas phishing pipeline security scada spearphishing threat actors ttps
    • Replies: 0
    • Forum: Security Alerts

  4. AA21-200B: Chinese State-Sponsored Cyber Operations: Observed TTPs

    Original release date: July 19, 2021 Summary This advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 9, and MITRE D3FEND™ framework, version 0.9.2-BETA-3. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques...
    • News
    • Thread
    • chinese cyber operations cisa credential access cyber intelligence cybersecurity data exfiltration exploitation fbi government advisory incident response information security lateral movement malware mitre att&ck national security network security tactics techniques threat actors vulnerabilities
    • Replies: 0
    • Forum: Security Alerts

  5. AA21-200A: Tactics, Techniques, and Procedures of Indicted APT40 Actors Associated with China’s MSS Hainan State Security Department

    Original release date: July 19, 2021 Summary This Joint Cybersecurity Advisory was written by the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) to provide information on a Chinese Advanced Persistent Threat (APT) group known in open-source...
    • News
    • Thread
    • apt40 china compromise compromised credentials credential access cyber threat cybersecurity exfiltration hainan indicators information security intellectual property lateral movement malware mitre network defense state security tactics threat actors vulnerabilities
    • Replies: 0
    • Forum: Security Alerts

  6. AA20-336A: Advanced Persistent Threat Actors Targeting U.S. Think Tanks

    Original release date: December 1, 2020<br/><h3>Summary</h3><p class="tip-intro" style="font-size: 15px;"><em>This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&amp;CK®) framework. See the <a href="Techniques - Enterprise | MITRE ATT&CK®">ATT&amp;CK for...
    • News
    • Thread
    • apt cisa cybersecurity data exfiltration fbi incident response malicious activity mitigation multi-factor authentication network security phishing remote access security awareness security policy social engineering tactics techniques think tanks threat actors vulnerabilities
    • Replies: 0
    • Forum: Security Alerts

  7. AA20-258A: Chinese Ministry of State Security-Affiliated Cyber Threat Actor Activity

    Original release date: September 14, 2020 Summary The Cybersecurity and Infrastructure Security Agency (CISA) has consistently observed Chinese Ministry of State Security (MSS)-affiliated cyber threat actors using publicly available information sources and common, well-known tactics...
    • News
    • Thread
    • apt chinese threats cisa cobalt strike command and control cybersecurity data breaches exploits incident response mimikatz mitre att&ck mss network security open source patch management ransomware spearphishing technical information threat actors vulnerabilities
    • Replies: 0
    • Forum: Security Alerts

  8. AA20-126A: APT Groups Target Healthcare and Essential Services

    Original release date: May 5, 2020 Summary This is a joint alert from the United States Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC). CISA and NCSC continue to see indications that...
    • News
    • Thread
    • apt groups authentication covid-19 cyber incidents cybersecurity data theft healthcare incident management intellectual property malicious activity mitigation network security password spraying pharmaceuticals remote work research organizations sensitive data supply chains threat actors vpn vulnerabilities
    • Replies: 0
    • Forum: Security Alerts

  9. AA20-183A: Defending Against Malicious Cyber Activity Originating from Tor

    Original release date: July 1, 2020 Summary This advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) and Pre-ATT&CK framework. See the ATT&CK for Enterprise and Pre-ATT&CK frameworks for referenced threat actor techniques. This advisory—written by the...
    • News
    • Thread
    • anonymity apt cisa command and control cybersecurity data exfiltration data manipulation denial of service exploitation fbi incident response indicators of compromise malicious activity network monitoring network security reconnaissance risk mitigation security tools threat actors tor
    • Replies: 0
    • Forum: Security Alerts

  10. AA20-126A: APT Groups Target Healthcare and Essential Services

    Original release date: May 5, 2020 Summary This is a joint alert from the United States Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC). CISA and NCSC continue to see indications that...
    • News
    • Thread
    • apt groups cisa covid-19 cybersecurity data breach healthcare incident management intellectual property malware mitigation strategies ncsc password spraying pharmaceuticals remote work research organizations security policies sensitive data supply chain threat actors vulnerabilities
    • Replies: 0
    • Forum: Security Alerts

  11. AA20-010A: Continued Exploitation of Pulse Secure VPN Vulnerability

    Original release date: January 10, 2020 Summary Unpatched Pulse Secure VPN servers continue to be an attractive target for malicious actors. Affected organizations that have not applied the software patch to fix a remote code execution (RCE) vulnerability, known as CVE-2019-11510, can become...
    • News
    • Thread
    • cisa cve-2019-11510 cyber attacks cybersecurity exploitation incident response malware mitigation network security patch management pulse secure rce remote access security advisory software update threat actors unauthorized access unpatched servers vpn vulnerability
    • Replies: 0
    • Forum: Security Alerts

  12. TA18-276B: Advanced Persistent Threat Activity Exploiting Managed Service Providers

    Original release date: October 03, 2018 Systems Affected Network Systems Overview The National Cybersecurity and Communications Integration Center (NCCIC) is aware of ongoing APT actor activity attempting to infiltrate the networks of global managed service providers (MSPs). Since May 2016...
    • News
    • Thread
    • apt attack vectors cloud computing credential theft cybersecurity data protection incident reporting incident response malicious activity managed service providers mitigation techniques nccic network security operational controls security controls system administration technical alert threat actors threat intelligence vulnerability management
    • Replies: 0
    • Forum: Security Alerts

  13. TA18-074A: Russian Government Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors

    Original release date: March 15, 2018 Systems Affected Domain Controllers File Servers Email Servers Overview This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). This alert...
    • News
    • Thread
    • critical infrastructure cyber kill chain cybersecurity dhs email security energy sector fbi incident response indicators of compromise industrial control systems intrusion detection malicious activity malware network security remote access russian government spear phishing technical alert threat actors watering hole attack
    • Replies: 0
    • Forum: Security Alerts

  14. TA17-117A: Intrusions Affecting Multiple Victims Across Multiple Sectors

    Original release date: April 27, 2017 Systems Affected Networked Systems Overview The National Cybersecurity and Communications Integration Center (NCCIC) has become aware of an emerging sophisticated campaign, occurring since at least May 2016, that uses multiple malware implants. Initial...
    • News
    • Thread
    • attack vectors credential theft cybersecurity data breach defense strategies indicators of compromise intrusion it security it service providers malware nccic network security network traffic plugx rat redleaves risk evaluation threat actors vulnerability windows
    • Replies: 0
    • Forum: Security Alerts