Threats

Note: Most of my RSS feeds on this page are currently broken. Sorry about that. Please consider the “Threats” section under construction for now.

Department of State

The Department of State has several threat RSS feeds, but they aren’t always up.

DHS

Threat information from the Department of Homeland Security (DHS), including the National Terrorism Advisory System and Cybersecurity alerts.

National Terrorism Advisory System (NTAS) Alerts

    Feed has no items.

Cybersecurity

  • AA21-209A: Top Routinely Exploited Vulnerabilities
    by CISA on July 28, 2021 at 12:00 pm

    Original release date: July 28, 2021. Summary: This Joint Cybersecurity Advisory was coauthored by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre (ACSC), the United Kingdom’s National Cyber Security Centre (NCSC), and the U.S. Federal Bureau of Investigation (FBI). This advisory provides details on the top 30 vulnerabilities—primarily Common Vulnerabilities and Exposures (CVEs)—routinely exploited by malicious cyber actors in 2020 and those being widely exploited thus far in 2021. Cyber actors continue to exploit publicly known—and often dated—software vulnerabilities against broad target sets, including public and private sector organizations worldwide. However, entities worldwide can mitigate the vulnerabilities listed in this report by applying the available patches to their systems and implementing a centralized patch management system. Click here for a PDF version of this report. Technical Details: Key […]

  • AA21-201A: Chinese Gas Pipeline Intrusion Campaign, 2011 to 2013
    by CISA on July 20, 2021 at 1:00 pm

    Original release date: July 20, 2021 | Last revised: July 21, 2021. Summary: This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 9. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques. Note: CISA released technical information, including indicators of compromise (IOCs), provided in this advisory in 2012 to affected organizations and stakeholders. This Joint Cybersecurity Advisory—coauthored by the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI)—provides information on a spearphishing and intrusion campaign conducted by state-sponsored Chinese actors that occurred from December 2011 to 2013, targeting U.S. oil and natural gas (ONG) pipeline companies. CISA and the FBI provided incident response and remediation support to a number of victims of this activity. Overall, the U.S. Government identified and tracked 23 U.S. natural gas […]

  • AA21-200A: Tactics, Techniques, and Procedures of Indicted APT40 Actors Associated with China’s MSS Hainan State Security Department
    by CISA on July 19, 2021 at 11:00 am

    Original release date: July 19, 2021 | Last revised: July 20, 2021. Summary: This Joint Cybersecurity Advisory was written by the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) to provide information on a Chinese Advanced Persistent Threat (APT) group known in open-source reporting as APT40. This advisory provides APT40’s tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help cybersecurity practitioners identify and remediate APT40 intrusions and established footholds. APT40—aka BRONZE MOHAWK, FEVERDREAM, G0065, Gadolinium, GreenCrash, Hellsing, Kryptonite Panda, Leviathan, MUDCARP, Periscope, Temp.Periscope, and Temp.Jumper—is located in Haikou, Hainan Province, People’s Republic of China (PRC), and has been active since at least 2009. APT40 has targeted governmental organizations, companies, and universities in a wide range of industries—including biomedical, robotics, and maritime […]

  • AA21-200B: Chinese State-Sponsored Cyber Operations: Observed TTPs
    by CISA on July 19, 2021 at 11:00 am

    Original release date: July 19, 2021. Summary: This advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 9, and MITRE D3FEND™ framework, version 0.9.2-BETA-3. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques and the D3FEND framework for referenced defensive tactics and techniques. The National Security Agency, Cybersecurity and Infrastructure Security Agency (CISA), and Federal Bureau of Investigation (FBI) assess that People’s Republic of China state-sponsored malicious cyber activity is a major threat to U.S. and Allied cyberspace assets. Chinese state-sponsored cyber actors aggressively target U.S. and allied political, economic, military, educational, and critical infrastructure (CI) personnel and organizations to steal sensitive data, critical and emerging key technologies, intellectual property, and personally identifiable information (PII). Some target sectors include managed […]

  • AA21-148A: Sophisticated Spearphishing Campaign Targets Government Organizations, IGOs, and NGOs
    by CISA on May 28, 2021 at 10:29 pm

    Original release date: May 28, 2021 | Last revised: May 29, 2021. Summary: This Joint Cybersecurity Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 9. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques. The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) are engaged in addressing a spearphishing campaign targeting government organizations, intergovernmental organizations (IGOs), and non-governmental organizations (NGOs). A sophisticated cyber threat actor leveraged a compromised end-user account from Constant Contact, a legitimate email marketing software company, to spoof a U.S.-based government organization and distribute links to malicious URLs.[1] CISA and FBI have not determined that any individual accounts have been specifically targeted by this campaign. Note: CISA and FBI acknowledge open-source reporting attributing the […]

  • AA21-131A: DarkSide Ransomware: Best Practices for Preventing Business Disruption from Ransomware Attacks
    by CISA on May 11, 2021 at 7:00 pm

    Original release date: May 11, 2021 | Last revised: July 8, 2021. Summary: This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 9. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques. The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) are aware of a ransomware attack affecting a critical infrastructure (CI) entity—a pipeline company—in the United States. Malicious cyber actors deployed DarkSide ransomware against the pipeline company’s information technology (IT) network.[1] At this time, there is no indication that the entity’s operational technology (OT) networks have been directly affected by the ransomware. CISA and FBI urge CI asset owners and operators to adopt a heightened state of awareness and implement the recommendations listed in the Mitigations section of this Joint Cybersecurity Advisory, including implementing […]

  • AA21-116A: Russian Foreign Intelligence Service (SVR) Cyber Operations: Trends and Best Practices for Network Defenders
    by CISA on April 26, 2021 at 3:00 pm

    Original release date: April 26, 2021. Summary: The Federal Bureau of Investigation (FBI), Department of Homeland Security (DHS), and Cybersecurity and Infrastructure Security Agency (CISA) assess Russian Foreign Intelligence Service (SVR) cyber actors—also known as Advanced Persistent Threat 29 (APT 29), the Dukes, CozyBear, and Yttrium—will continue to seek intelligence from U.S. and foreign entities through cyber exploitation, using a range of initial exploitation techniques that vary in sophistication, coupled with stealthy intrusion tradecraft within compromised networks. The SVR primarily targets government networks, think tank and policy analysis organizations, and information technology companies. On April 15, 2021, the White House released a statement on the recent SolarWinds compromise, attributing the activity to the SVR. For additional detailed information on identified vulnerabilities and mitigations, see the National Security Agency (NSA), Cybersecurity and […]

  • AA21-110A: Exploitation of Pulse Connect Secure Vulnerabilities
    by CISA on April 20, 2021 at 3:03 pm

    Original release date: April 20, 2021 | Last revised: July 21, 2021. Summary: The Cybersecurity and Infrastructure Security Agency (CISA) is aware of compromises affecting a number of U.S. government agencies, critical infrastructure entities, and other private sector organizations by a cyber threat actor—or actors—beginning in June 2020 or earlier related to vulnerabilities in certain Ivanti Pulse Connect Secure products. Since March 31, 2021, CISA and Ivanti have assisted multiple entities whose vulnerable Pulse Connect Secure products have been exploited by a cyber threat actor. These entities confirmed the malicious activity after running the Pulse Secure Connect Integrity Tool. To gain initial access, the threat actor is leveraging multiple vulnerabilities, including CVE-2019-11510, CVE-2020-8260, CVE-2020-8243, and the newly disclosed CVE-2021-22893. The threat actor is using this access to place webshells on the Pulse Connect Secure appliance for further access and persistence. […]

  • AA21-077A: Detecting Post-Compromise Threat Activity Using the CHIRP IOC Detection Tool
    by CISA on March 18, 2021 at 6:00 pm

    Original release date: March 18, 2021 | Last revised: April 15, 2021. Summary: Updated April 15, 2021: The U.S. Government attributes this activity to the Russian Foreign Intelligence Service (SVR). Additional information may be found in a statement from the White House. For more information on SolarWinds-related activity, go to https://us-cert.cisa.gov/remediating-apt-compromised-networks and https://www.cisa.gov/supply-chain-compromise. This Alert announces the CISA Hunt and Incident Response Program (CHIRP) tool. CHIRP is a forensics collection tool that CISA developed to help network defenders find indicators of compromise (IOCs) associated with activity detailed in the following CISA Alerts: AA20-352A: Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations, which primarily focuses on an advanced persistent threat (APT) actor’s compromise of SolarWinds Orion products affecting U.S. government agencies, critical […]

  • AA21-076A: TrickBot Malware
    by CISA on March 17, 2021 at 3:00 pm

    Original release date: March 17, 2021 | Last revised: May 20, 2021. Summary: This Joint Cybersecurity Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 8. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques. The Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) have observed continued targeting through spearphishing campaigns using TrickBot malware in North America. A sophisticated group of cybercrime actors is luring victims, via phishing emails, with a traffic infringement phishing scheme to download TrickBot. TrickBot—first identified in 2016—is a Trojan developed and operated by a sophisticated group of cybercrime actors. Originally designed as a banking Trojan to steal financial data, TrickBot has evolved into highly modular, multi-stage malware that provides its operators a full suite of tools to conduct a myriad of illegal cyber […]

DOJ and FBI

Information from the Department of Justice (DOJ) and the FBI focused on federal law enforcement, significant cases in the news, and other alerts.

FBI Top Stories

  • Breaking Barriers
    on July 23, 2021 at 9:00 am

    A special agent in the San Juan Division is believed to be the first Black female in the FBI’s history to be selected to a SWAT team.

  • Oklahoma FBI Case Volume Unprecedented
    on July 8, 2021 at 3:00 pm

    The Oklahoma City Field Office has become one of the FBI’s busiest in the year since the Supreme Court affirmed that much of the eastern half of the state is tribal land.

  • Hate Crimes a Top National Threat Priority
    on June 29, 2021 at 6:30 am

    The FBI is stepping up efforts with local law enforcement and civil rights groups to improve the reporting of hate crimes and enforcement of civil rights laws.

  • World Elder Abuse Awareness Day 2021
    on June 15, 2021 at 6:00 am

    People over 60 lost nearly $1 billion in online frauds and scams last year. Learn more about common fraud schemes that target older people as well as practical tips on how to protect yourself and your loved ones from scammers.

  • Operation Trojan Shield
    on June 8, 2021 at 10:30 am

    An innovative, international effort cracked open the encrypted communications platforms relied on by criminal organizations.

  • IC3 Logs 6 Million Complaints
    on May 14, 2021 at 12:00 am

    A record-setting pace of reports to the FBI's Internet Crime Complaint Center shows how pervasive cyber-enabled crimes and scams have become.

  • New Executives Reflect FBI’s Push for Diversity
    on May 12, 2021 at 9:00 am

    As part of an ongoing effort to make the Bureau more representative and inclusive, our executive corridor has undergone a steady transition to better reflect the communities we serve.

  • FBI and Strike Force Target Fraud Against Federal Contracts
    on May 12, 2021 at 8:00 am

    More than 360 investigators, analysts, and data scientists are working across dozens of agencies as part of the Procurement Collusion Strike Force to deter and detect crimes involving federal money.

  • Director Wray Honors Fallen Officers During National Police Week
    on May 11, 2021 at 9:00 am

    FBI Director Christopher Wray thanked the nation’s law enforcement officers for their work keeping communities safe in remarks observing National Police Week.

  • Partnerships Are Key to Disrupting Violent Plots
    on May 7, 2021 at 8:00 am

    The increasingly insular nature of the terrorism threat is a growing challenge, which is why the FBI is leaning even more on two things that have long been essential to its success: partnerships and help from an aware and informed public.

  • Navajo-Language Posters Aim to Reach Critical Audience
    on May 5, 2021 at 8:00 am

    An initiative to translate FBI posters into Navajo illustrates one way the FBI and Native Americans are working together to solve missing and murdered indigenous persons cases.

  • International Scammer Sentenced
    on April 26, 2021 at 6:00 am

    A man who used phishing techniques to steal millions of dollars in a global business email compromise scheme received a 10-year prison term for his crimes.

  • Helping Crime Victims
    on April 19, 2021 at 10:00 am

    As the country observes National Crime Victims’ Rights Week, learn more about the assistance and services the FBI provides victims of crime and their families.

  • Scam PACs Are on the Rise
    on April 15, 2021 at 1:30 pm

    Thinking about donating to a political action committee to support an issue or candidate? Do your research first—the FBI is seeing an increase in reports of potentially fraudulent PACs.

  • Stopping Public Corruption
    on April 7, 2021 at 6:00 am

    A Philadelphia city employee who was supposed to be ferreting out corruption and mismanagement is now serving a federal prison sentence for using his official position to solicit and accept bribes.

Kidnappings and Missing Persons

FBI Intelligence

    Feed has no items.