Entries by

, ,

Russian FSB Cyber Actor Star Blizzard Continues Worldwide Spear-phishing Campaigns

The Russia-based actor is targeting organizations and individuals in the UK and other geographical areas of interest. OVERVIEW The Russia-based actor Star Blizzard (formerly known as SEABORGIUM, also known as Callisto Group/TA446/COLDRIVER/TAG-53/BlueCharlie) continues to successfully use spear-phishing attacks against targeted organizations and individuals in the UK, and other geographical areas of interest, for information-gathering activity. […]

6 December 2023 by
, ,

Threat Actors Exploit Adobe ColdFusion CVE-2023-26360 for Initial Access to Government Servers

SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA) is releasing a Cybersecurity Advisory (CSA) in response to confirmed exploitation of CVE-2023-26360 by unidentified threat actors at a Federal Civilian Executive Branch (FCEB) agency. This vulnerability presents as an improper access control issue impacting Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 […]

4 December 2023 by
, ,

IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including U.S. Water and Wastewater Systems Facilities

SUMMARY The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Environmental Protection Agency (EPA), and the Israel National Cyber Directorate (INCD)—hereafter referred to as “the authoring agencies”—are disseminating this joint Cybersecurity Advisory (CSA) to highlight continued malicious cyber activity against operational technology devices by Iranian Government Islamic Revolutionary […]

1 December 2023 by
, ,

#StopRansomware: LockBit 3.0 Ransomware Affiliates Exploit CVE 2023-4966 Citrix Bleed Vulnerability

SUMMARY Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov […]

21 November 2023 by
, ,

Scattered Spider

SUMMARY The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint Cybersecurity Advisory (CSA) in response to recent activity by Scattered Spider threat actors against the commercial facilities sectors and subsectors. This advisory provides tactics, techniques, and procedures (TTPs) obtained through FBI investigations as recently as November 2023. […]

15 November 2023 by
, ,

#StopRansomware: Rhysida Ransomware

SUMMARY Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders detailing various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov to see […]

14 November 2023 by
, ,

Threat Actors Exploit Atlassian Confluence CVE-2023-22515 for Initial Access to Networks

SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and Multi-State Information Sharing and Analysis Center (MS-ISAC) are releasing this joint Cybersecurity Advisory (CSA) in response to the active exploitation of CVE-2023-22515. This recently disclosed vulnerability affects certain versions of Atlassian Confluence Data Center and Server, enabling malicious cyber threat actors […]

13 October 2023 by
, ,

#StopRansomware: AvosLocker Ransomware (Update)

SUMMARY Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov […]

11 October 2023 by
, ,

NSA and CISA Red and Blue Teams Share Top Ten Cybersecurity Misconfigurations

A plea for network defenders and software manufacturers to fix common problems. EXECUTIVE SUMMARY The National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint cybersecurity advisory (CSA) to highlight the most common cybersecurity misconfigurations in large organizations, and detail the tactics, techniques, and procedures (TTPs) actors use to exploit […]

6 October 2023 by
, ,

People’s Republic of China-Linked Cyber Actors Hide in Router Firmware

Executive Summary The United States National Security Agency (NSA), the U.S. Federal Bureau of Investigation (FBI), the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Japan National Police Agency (NPA), and the Japan National Center of Incident Readiness and Strategy for Cybersecurity (NISC) (hereafter referred to as the “authoring agencies”) are releasing this joint cybersecurity […]

26 September 2023 by