0

Threat Actor Leverages Compromised Account of Former Employee to Access State Government Organization

Feb 14, 2024 / in Uncategorized

SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing & Analysis Center (MS-ISAC) conducted an incident response assessment of a state government organization’s network environment after documents containing host and user information, including metadata, were posted on a dark web brokerage site. Analysis confirmed that an unidentified threat actor compromised network…

Read More
0

PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure

Feb 1, 2024 / in Uncategorized

SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Federal Bureau of Investigation (FBI) assess that People’s Republic of China (PRC) state-sponsored cyber actors are seeking to pre-position themselves on IT networks for disruptive or destructive cyberattacks against U.S. critical infrastructure in the event of a major crisis or conflict with…

Read More
0

Known Indicators of Compromise Associated with Androxgh0st Malware

Jan 12, 2024 / in Uncategorized

SUMMARY The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint Cybersecurity Advisory (CSA) to disseminate known indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) associated with threat actors deploying Androxgh0st malware. Multiple, ongoing investigations and trusted third party reporting yielded the IOCs and TTPs,…

Read More
0

#StopRansomware: ALPHV Blackcat

Dec 19, 2023 / in Uncategorized

SUMMARY Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov…

Read More
0

Enhancing Cyber Resilience: Insights from the CISA Healthcare and Public Health Sector Risk and Vulnerability Assessment

Dec 13, 2023 / in Uncategorized

SUMMARY In January 2023, the Cybersecurity and Infrastructure Security Agency (CISA) conducted a Risk and Vulnerability Assessment (RVA) at the request of a Healthcare and Public Health (HPH) sector organization to identify vulnerabilities and areas for improvement. An RVA is a two-week penetration test of an entire organization, with one week spent on external testing…

Read More
0

Russian Foreign Intelligence Service (SVR) Exploiting JetBrains TeamCity CVE Globally

Dec 12, 2023 / in Uncategorized

SUMMARY The U.S. Federal Bureau of Investigation (FBI), U.S. Cybersecurity & Infrastructure Security Agency (CISA), U.S. National Security Agency (NSA), Polish Military Counterintelligence Service (SKW), CERT Polska (CERT.PL), and the UK’s National Cyber Security Centre (NCSC) assess Russian Foreign Intelligence Service (SVR) cyber actors—also known as Advanced Persistent Threat 29 (APT 29), the Dukes, CozyBear,…

Read More
0

#StopRansomware: Play Ransomware

Dec 11, 2023 / in Uncategorized

SUMMARY Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov…

Read More
0

Russian FSB Cyber Actor Star Blizzard Continues Worldwide Spear-phishing Campaigns

Dec 6, 2023 / in Uncategorized

The Russia-based actor is targeting organizations and individuals in the UK and other geographical areas of interest. OVERVIEW The Russia-based actor Star Blizzard (formerly known as SEABORGIUM, also known as Callisto Group/TA446/COLDRIVER/TAG-53/BlueCharlie) continues to successfully use spear-phishing attacks against targeted organizations and individuals in the UK, and other geographical areas of interest, for information-gathering activity….

Read More
0

Threat Actors Exploit Adobe ColdFusion CVE-2023-26360 for Initial Access to Government Servers

Dec 4, 2023 / in Uncategorized

SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA) is releasing a Cybersecurity Advisory (CSA) in response to confirmed exploitation of CVE-2023-26360 by unidentified threat actors at a Federal Civilian Executive Branch (FCEB) agency. This vulnerability presents as an improper access control issue impacting Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5…

Read More
0

IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including U.S. Water and Wastewater Systems Facilities

Dec 1, 2023 / in Uncategorized

SUMMARY The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Environmental Protection Agency (EPA), and the Israel National Cyber Directorate (INCD)—hereafter referred to as “the authoring agencies”—are disseminating this joint Cybersecurity Advisory (CSA) to highlight continued malicious cyber activity against operational technology devices by Iranian Government Islamic Revolutionary…

Read More