-
AA20-336A: Advanced Persistent Threat Actors Targeting U.S. Think Tanks
Original release date: December 1, 2020 Summary This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for...- News
- Thread
- apt cisa cybersecurity data exfiltration fbi incident response malicious software mitigation multi-factor authentication network security phishing remote access security awareness security policies tactics techniques think tanks threat actors vulnerabilities
- Replies: 0
- Forum: Security Alerts
-
AA20-296A: Russian State-Sponsored Advanced Persistent Threat Actor Compromises U.S. Government Targets
Original release date: October 22, 2020 Summary This joint cybersecurity advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor tactics and techniques. This joint cybersecurity...- News
- Thread
- brute force cisa citrix issue credentials cybersecurity data exfiltration exchange server fbi government targets incident response krb-tgt mfa mitigation network compromise password reset russian apt sql injection threat actors vpn vulnerability
- Replies: 0
- Forum: Security Alerts
-
AA20-259A: Iran-Based Threat Actor Exploits VPN Vulnerabilities
Original release date: September 15, 2020 Summary This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques. This product was written by the Cybersecurity and...- News
- Thread
- cisa cve cybersecurity data exfiltration exploit fbi initial access iran mitigation network defense persistence rdp remote access security tactics techniques threat actors vpn vulnerabilities web shells
- Replies: 0
- Forum: Security Alerts
-
AA20-258A: Chinese Ministry of State Security-Affiliated Cyber Threat Actor Activity
Original release date: September 14, 2020 Summary The Cybersecurity and Infrastructure Security Agency (CISA) has consistently observed Chinese Ministry of State Security (MSS)-affiliated cyber threat actors using publicly available information sources and common, well-known tactics...- News
- Thread
- apt chinese threats cisa cobalt strike command and control cybersecurity data breach exploit incident response mimikatz mitre att&ck mss network security open source patch management ransomware spear phishing technical details threat actors vulnerabilities
- Replies: 0
- Forum: Security Alerts
-
AA20-206A: Threat Actor Exploitation of F5 BIG-IP CVE-2020-5902
Original release date: July 24, 2020 Summary The Cybersecurity and Infrastructure Security Agency (CISA) is issuing this alert in response to recently disclosed exploits that target F5 BIG-IP devices that are vulnerable to CVE-2020-5902. F5 Networks, Inc. (F5) released a patch for CVE-2020-5902...- News
- Thread
- cisa credential theft cve-2020-5902 cybersecurity data exfiltration detection digital security exploitation f5 big-ip incident response malware mitigation network segmentation patch management remote code execution security security advisory system compromise threat actors vulnerability
- Replies: 0
- Forum: Security Alerts
-
AA20-198A: Malicious Cyber Actor Use of Network Tunneling and Spoofing to Obfuscate Geolocation
Original release date: July 16, 2020 Summary This Activity Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK™) and Pre-ATT&CK frameworks. See the MITRE ATT&CK for Enterprise and Pre-ATT&CK frameworks for referenced threat actor techniques. Attributing...- News
- Thread
- access control antivirus best practices cybersecurity denial of service email security firewall geolocation incident response malicious software mitigation network spoofing private network removable media security updates situational awareness spoofing threat actors tunneling vulnerability
- Replies: 0
- Forum: Security Alerts
-
AA20-126A: APT Groups Target Healthcare and Essential Services
Original release date: May 5, 2020 Summary This is a joint alert from the United States Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC). CISA and NCSC continue to see indications that...- News
- Thread
- apt groups authentication covid 19 cyber incident cybersecurity data theft healthcare incident management intellectual property malicious software mitigation network security pharmaceuticals remote work research organizations sensitive data supply chain threat actors vpn vulnerabilities
- Replies: 0
- Forum: Security Alerts
-
AA20-107A: Continued Threat Actor Exploitation Post Pulse Secure VPN Patching
Original release date: April 16, 2020 | Last revised: June 30, 2020 Summary Note: This Activity Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques and mitigations...- News
- Thread
- active directory cisa credential dumping cve-2019-11510 cybersecurity detection exploitation incident response indicators of compromise iocs lateral movement mitigation network security pulse secure ransomware remote access remote services threat actors vpn vulnerability
- Replies: 0
- Forum: Security Alerts
-
VIDEO AA20-049A: Ransomware Impacting Pipeline Operations
Original release date: February 18, 2020 | Last revised: June 30, 2020 Summary Note: This Activity Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK™) framework. See the MITRE ATT&CK for Enterprise and Link Removed frameworks for all referenced threat actor...- News
- Thread
- access control backup cisa cybersecurity data security emergency planning incident response industrial control systems it networks mitigation multipoint authentication network segmentation operational technology ot networks pipeline productivity ransomware spear phishing threat actors user training
- Replies: 0
- Forum: Security Alerts
-
AA20-183A: Defending Against Malicious Cyber Activity Originating from Tor
Original release date: July 1, 2020 Summary This advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) and Pre-ATT&CK framework. See the ATT&CK for Enterprise and Pre-ATT&CK frameworks for referenced threat actor techniques. This advisory—written by the...- News
- Thread
- anonymity apt cisa command and control cybersecurity data exfiltration data manipulation denial of service exploitation fbi incident response indicators of compromise malicious software network monitoring network security reconnaissance risk mitigation security software threat actors tor
- Replies: 0
- Forum: Security Alerts
-
AA20-126A: APT Groups Target Healthcare and Essential Services
Original release date: May 5, 2020 Summary This is a joint alert from the United States Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC). CISA and NCSC continue to see indications that...- News
- Thread
- apt groups cisa covid 19 cybersecurity data breach healthcare incident management intellectual property malware mitigation ncsc pharmaceuticals remote work research organizations security policies sensitive data supply chain threat actors vulnerabilities
- Replies: 0
- Forum: Security Alerts
-
AA20-107A: Continued Threat Actor Exploitation Post Pulse Secure VPN Patching
Original release date: April 16, 2020 Summary Note: This Activity Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques and mitigations. This Alert provides an update...- News
- Thread
- active directory credential theft cve-2019-11510 cyber threats cybersecurity data exfiltration detection exploitation incident response indicators of compromise lateral movement malware mitigation network security patch management pulse secure remote access threat actors vpn vulnerability
- Replies: 0
- Forum: Security Alerts
-
VIDEO AA20-049A: Ransomware Impacting Pipeline Operations
Original release date: February 18, 2020 Summary Note: This Activity Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK™) framework. See the MITRE ATT&CK for Enterprise and Link Removed frameworks for all referenced threat actor techniques and mitigations. CISA...- News
- Thread
- backup cisa cybersecurity data integrity emergency hmi incident response industrial control systems infrastructure mitigation network network segmentation operational technology ot network phishing pipeline security productivity ransomware spear phishing threat actors
- Replies: 0
- Forum: Security Alerts
-
AA20-010A: Continued Exploitation of Pulse Secure VPN Vulnerability
Original release date: January 10, 2020 Summary Unpatched Pulse Secure VPN servers continue to be an attractive target for malicious actors. Affected organizations that have not applied the software patch to fix a remote code execution (RCE) vulnerability, known as CVE-2019-11510, can become...- News
- Thread
- access denied cisa cve-2019-11510 cyber threats cybersecurity exploitation incident response malware mitigation network security patch management pulse secure rce remote access security advisory software update threat actors unpatched servers vpn vulnerability
- Replies: 0
- Forum: Security Alerts
-
AA18-284A: Publicly Available Tools Seen in Cyber Incidents Worldwide
Original release date: October 11, 2018 Summary This report is a collaborative research effort by the cyber security authorities of five nations: Australia, Canada, New Zealand, the United Kingdom, and the United States.[2][3][4] In it we highlight the use of five...- News
- Thread
- apt chinachopper credential theft cybersecurity exfiltration huc incident response jbifrost lateral movement malware mimikatz network defense network monitoring phishing powershellempire publictools remote access security updates threat actors vulnerabilities
- Replies: 0
- Forum: Security Alerts
-
TA18-276B: Advanced Persistent Threat Activity Exploiting Managed Service Providers
Original release date: October 03, 2018 Systems Affected Network Systems Overview The National Cybersecurity and Communications Integration Center (NCCIC) is aware of ongoing APT actor activity attempting to infiltrate the networks of global managed service providers (MSPs). Since May 2016...- News
- Thread
- apt attack vector cloud computing credential theft cybersecurity data security incident incident response malicious software managed services mitigation nccic network security operational controls security controls system administration technical alert threat actors threat intelligence vulnerability management
- Replies: 0
- Forum: Security Alerts
-
TA18-074A: Russian Government Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors
Original release date: March 15, 2018 Systems Affected Domain Controllers File Servers Email Servers Overview This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). This alert...- News
- Thread
- critical infrastructure cyber kill chain cybersecurity dhs email security energy sector fbi incident response indicators of compromise industrial control systems intrusion detection malicious software malware network security remote access russian politics spear phishing technical alert threat actors watering hole attack
- Replies: 0
- Forum: Security Alerts
-
TA17-117A: Intrusions Affecting Multiple Victims Across Multiple Sectors
Original release date: April 27, 2017 | Last revised: May 14, 2017 Systems Affected Networked Systems Overview The National Cybersecurity and Communications Integration Center (NCCIC) has become aware of an emerging sophisticated campaign, occurring since at least May 2016, that uses...- News
- Thread
- administrativecredentials credential theft cybersecurity data exfiltration hacking healthcare security incident information technology itprotection malware nccic network security plugx public health redleaves remote access trojan security threat actors windows
- Replies: 0
- Forum: Security Alerts
-
TA17-117A: Intrusions Affecting Multiple Victims Across Multiple Sectors
Original release date: April 27, 2017 Systems Affected Networked Systems Overview The National Cybersecurity and Communications Integration Center (NCCIC) has become aware of an emerging sophisticated campaign, occurring since at least May 2016, that uses multiple malware implants. Initial...- News
- Thread
- attack vector credential theft cybersecurity data breach defense strategies indicators of compromise intrusion it services malware nccic network security network traffic plugx rat redleaves risk assessment security threat actors vulnerability windows
- Replies: 0
- Forum: Security Alerts