Threats

Note: Most of my RSS feeds on this page are currently broken. Sorry about that. Please consider the “Threats” section under construction for now.

Department of State

The Department of State publishes several threat RSS feeds, but they aren’t always up.

DHS

Threat information from the Department of Homeland Security (DHS), including the National Terrorism Advisory System and Cybersecurity alerts.

National Terrorism Advisory System (NTAS) Alerts

    Feed has no items.

Cybersecurity

  • AA21-077A: Detecting Post-Compromise Threat Activity Using the CHIRP IOC Detection Tool
    by CISA on March 18, 2021 at 6:00 pm

    Original release date: March 18, 2021 | Last revised: April 9, 2021. Summary: This Alert announces the CISA Hunt and Incident Response Program (CHIRP) tool. CHIRP is a forensics collection tool that CISA developed to help network defenders find indicators of compromise (IOCs) associated with activity detailed in the following CISA Alerts: AA20-352A: Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations, which primarily focuses on an advanced persistent threat (APT) actor’s compromise of SolarWinds Orion products affecting U.S. government agencies, critical infrastructure entities, and private network organizations. AA21-008A: Detecting Post-Compromise Threat Activity in Microsoft Cloud Environments, which addresses APT activity within Microsoft 365/Azure environments and offers an overview of—and guidance on—available open-source tools. The Alert includes the CISA-developed Sparrow tool that helps network defenders […]

  • AA21-076A: TrickBot Malware
    by CISA on March 17, 2021 at 3:00 pm

    Original release date: March 17, 2021 | Last revised: March 24, 2021. Summary: This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques. The Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) have observed continued targeting through spearphishing campaigns using TrickBot malware in North America. A sophisticated group of cybercrime actors is luring victims, via phishing emails, with a traffic infringement phishing scheme to download TrickBot. TrickBot—first identified in 2016—is a Trojan developed and operated by a sophisticated group of cybercrime actors. Originally designed as a banking Trojan to steal financial data, TrickBot has evolved into highly modular, multi-stage malware that provides its operators a full suite of tools to conduct a myriad of illegal cyber activities. To secure against […]

  • AA21-062A: Mitigate Microsoft Exchange Server Vulnerabilities
    by CISA on March 3, 2021 at 6:12 pm

    Original release date: March 3, 2021 | Last revised: March 31, 2021. Summary: Note: This Alert was updated March 25, 2021, to provide further guidance. Cybersecurity and Infrastructure Security Agency (CISA) partners have observed active exploitation of vulnerabilities in Microsoft Exchange Server products. Successful exploitation of these vulnerabilities allows an unauthenticated attacker to execute arbitrary code on vulnerable Exchange Servers, enabling the attacker to gain persistent system access, as well as access to files and mailboxes on the server and to credentials stored on that system. Successful exploitation may additionally enable the attacker to compromise trust and identity in a vulnerable network. Microsoft released out-of-band patches to address vulnerabilities in Microsoft Exchange Server. The vulnerabilities impact on-premises Microsoft Exchange Servers and are not known to impact Exchange Online or Microsoft 365 (formerly O365) cloud email services. This Alert includes […]

  • AA21-055A: Exploitation of Accellion File Transfer Appliance
    by CISA on February 24, 2021 at 2:00 pm

    Original release date: February 24, 2021 | Last revised: February 25, 2021. Summary: This joint advisory is the result of a collaborative effort by the cybersecurity authorities of Australia,[1] New Zealand,[2] Singapore,[3] the United Kingdom,[4] and the United States.[5][6] These authorities are aware of cyber actors exploiting vulnerabilities in Accellion File Transfer Appliance (FTA).[7] This activity has impacted organizations globally, including those in Australia, New Zealand, Singapore, the United Kingdom, and the United States. Worldwide, actors have exploited the vulnerabilities to attack multiple federal and state, local, tribal, and territorial (SLTT) government organizations as well as private industry organizations including those in the medical, legal, telecommunications, finance, and energy sectors. According to Accellion, this activity involves attackers leveraging four vulnerabilities to target FTA customers.[8] In one incident, an attack on an SLTT organization […]

  • AA21-048A: AppleJeus: Analysis of North Korea’s Cryptocurrency Malware
    by CISA on February 17, 2021 at 4:00 pm

    Original release date: February 17, 2021 | Last revised: March 2, 2021. Summary: This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques. This joint advisory is the result of analytic efforts among the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Treasury (Treasury) to highlight the cyber threat to cryptocurrency posed by North Korea, formally known as the Democratic People’s Republic of Korea (DPRK), and provide mitigation recommendations. Working with U.S. government partners, FBI, CISA, and Treasury assess that Lazarus Group—which these agencies attribute to North Korean state-sponsored advanced persistent threat (APT) actors—is targeting individuals and companies, including cryptocurrency exchanges and financial service companies, through the dissemination of […]

  • AA21-042A: Compromise of U.S. Water Treatment Facility
    by CISA on February 11, 2021 at 7:15 pm

    Original release date: February 11, 2021 | Last revised: February 12, 2021. Summary: On February 5, 2021, unidentified cyber actors obtained unauthorized access to the supervisory control and data acquisition (SCADA) system at a U.S. drinking water treatment facility. The unidentified actors used the SCADA system’s software to increase the amount of sodium hydroxide, also known as lye, a caustic chemical, as part of the water treatment process. Water treatment plant personnel immediately noticed the change in dosing amounts and corrected the issue before the SCADA system’s software detected the manipulation and alarmed due to the unauthorized change. As a result, the water treatment process remained unaffected and continued to operate as normal. The cyber actors likely accessed the system by exploiting cybersecurity weaknesses, including poor password security, and an outdated operating system. Early information indicates it is possible that a desktop sharing software, such as […]

  • AA21-008A: Detecting Post-Compromise Threat Activity in Microsoft Cloud Environments
    by CISA on January 8, 2021 at 4:36 pm

    Original release date: January 8, 2021 | Last revised: April 8, 2021. Summary: This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques. This Alert is a companion alert to AA20-352A: Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations. AA20-352A primarily focuses on an advanced persistent threat (APT) actor’s compromise of SolarWinds Orion products as an initial access vector into networks of U.S. Government agencies, critical infrastructure entities, and private network organizations. As noted in AA20-352A, the Cybersecurity and Infrastructure Security Agency (CISA) has evidence of initial access vectors in addition to the compromised SolarWinds Orion products. This Alert also addresses activity—irrespective of the initial access vector leveraged—that CISA attributes to an […]

  • AA20-352A: Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations
    by CISA on December 17, 2020 at 3:00 pm

    Original release date: December 17, 2020 | Last revised: February 8, 2021. Summary: The Cybersecurity and Infrastructure Security Agency (CISA) is aware of compromises of U.S. government agencies, critical infrastructure entities, and private sector organizations by an advanced persistent threat (APT) actor beginning in at least March 2020. This APT actor has demonstrated patience, operational security, and complex tradecraft in these intrusions. CISA expects that removing this threat actor from compromised environments will be highly complex and challenging for organizations. (Updated January 6, 2021): One of the initial access vectors for this activity is a supply chain compromise of a Dynamic Link Library (DLL) in the following SolarWinds Orion products (see Appendix A). Note: prior versions of this Alert included a single bullet that listed two platform versions for the same DLL. For clarity, the Alert now lists these platform versions that share the same DLL version number […]

  • AA20-345A: Cyber Actors Target K-12 Distance Learning Education to Cause Disruptions and Steal Data
    by CISA on December 10, 2020 at 5:00 pm

    Original release date: December 10, 2020. Summary: This Joint Cybersecurity Advisory was coauthored by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC). The FBI, CISA, and MS-ISAC assess malicious cyber actors are targeting kindergarten through twelfth grade (K-12) educational institutions, leading to ransomware attacks, the theft of data, and the disruption of distance learning services. Cyber actors likely view schools as targets of opportunity, and these types of attacks are expected to continue through the 2020/2021 academic year. These issues will be particularly challenging for K-12 schools that face resource limitations; therefore, educational leadership, information technology personnel, and security personnel will need to balance this risk when determining their cybersecurity investments. Technical Details: As of […]

  • AA20-336A: Advanced Persistent Threat Actors Targeting U.S. Think Tanks
    by CISA on December 1, 2020 at 6:00 pm

    Original release date: December 1, 2020. Summary: This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques. The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have observed persistent continued cyber intrusions by advanced persistent threat (APT) actors targeting U.S. think tanks. This malicious activity is often, but not exclusively, directed at individuals and organizations that focus on international affairs or national security policy.[1] The following guidance may assist U.S. think tanks in developing network defense procedures to prevent or rapidly detect these attacks. APT actors have relied on multiple avenues for initial access. These have included low-effort capabilities such as spearphishing emails and third-party message services directed at both corporate and personal accounts, as […]
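Two of the CISA items above describe the same defensive problem from two sides: AA21-077A announces CHIRP, a collector that matches host artifacts against published indicators of compromise, and AA20-352A describes a supply-chain compromise in which a vendor DLL was replaced upstream of the customer. The script below is an added example written for this page; it is not CHIRP, not SolarWinds code, and the paths, version strings and hashes in it are constructed. It triages an in-memory file inventory two ways: against a known-bad IOC hash list, and against a known-good per-version manifest. The caveat a practitioner should keep in mind is that a manifest produced by the vendor's own build catches modification after install but not a compromise of the build itself, which is exactly why the known-bad list published by defenders is consulted as well.

```python
"""Triage a host's file inventory against known-bad IOC hashes and a
known-good per-version manifest.

Added example for this page, not CISA's CHIRP tool or any vendor code.
All hashes, paths and version strings below are constructed.
"""
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class FileRecord:
    path: str
    version: str
    sha256: str


def sha256_hex(data: bytes) -> str:
    """SHA-256 digest of raw file bytes as lowercase hex."""
    return hashlib.sha256(data).hexdigest()


def inventory(files: dict) -> list:
    """Build FileRecords from an in-memory {path: (version, bytes)} map.

    A real collector would walk the filesystem and read the PE version
    resource; here the version string is supplied next to the bytes.
    """
    return [FileRecord(p, v, sha256_hex(b)) for p, (v, b) in sorted(files.items())]


def triage(records, ioc_hashes, manifest) -> dict:
    """Classify each record.

    ioc_hashes: set of SHA-256 hex digests published as malicious.
    manifest:   {path: {version: sha256}} digests believed good.

    Returns {path: verdict}, verdict being one of:
      "ioc_match"        hash is on the known-bad list (checked first)
      "ok"               hash equals the manifest digest for that version
      "tampered"         version string is in the manifest but hash differs
      "unknown_version"  path is in the manifest, version is not
      "unmanaged"        path is not covered by the manifest
    """
    verdicts = {}
    for r in records:
        digest = r.sha256.lower()
        if digest in ioc_hashes:
            verdicts[r.path] = "ioc_match"
            continue
        versions = manifest.get(r.path)
        if versions is None:
            verdicts[r.path] = "unmanaged"
        elif r.version not in versions:
            verdicts[r.path] = "unknown_version"
        elif versions[r.version].lower() == digest:
            verdicts[r.path] = "ok"
        else:
            verdicts[r.path] = "tampered"
    return verdicts


# Constructed sample data: a clean component, the same path and version
# carrying an injected payload, and a loader whose hash is on the IOC list.
CLEAN = b"MZ\x90\x00 clean component v1.0"
TROJAN = CLEAN + b"<injected>"
LOADER = b"MZ\x90\x00 dropper"

SAMPLE_FILES = {
    r"C:\Vendor\App\Core.dll": ("1.0", TROJAN),
    r"C:\Vendor\App\Util.dll": ("1.0", CLEAN),
    r"C:\Windows\Temp\svc.dll": ("0.0", LOADER),
}
SAMPLE_MANIFEST = {
    r"C:\Vendor\App\Core.dll": {"1.0": sha256_hex(CLEAN)},
    r"C:\Vendor\App\Util.dll": {"1.0": sha256_hex(CLEAN)},
}
SAMPLE_IOCS = {sha256_hex(LOADER)}


def run_sample() -> dict:
    """Run the triage over the constructed inventory."""
    return triage(inventory(SAMPLE_FILES), SAMPLE_IOCS, SAMPLE_MANIFEST)


if __name__ == "__main__":
    for path, verdict in run_sample().items():
        print(f"{verdict:16} {path}")
```

The known-bad check runs before the manifest check on purpose: a file that is both on an IOC list and absent from the manifest should surface as an IOC hit, not as merely unmanaged. Version-string matching with a differing hash is the signal that distinguishes a replaced binary from a routine upgrade.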
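AA21-042A above notes that operators caught the sodium hydroxide setpoint change before the SCADA software alarmed on it. A guard that validates every setpoint write against hard engineering limits and a maximum step size, independently of the HMI session that requested it, closes that gap regardless of how the session was obtained. The following is an added example for this page, not code from the affected facility or any SCADA vendor; the tag names, limits and audit events are constructed and the limit values are hypothetical placeholders for numbers a plant's process engineers would set.

```python
"""Independent guard for SCADA setpoint writes.

Added example for this page, not code from the affected facility or any
SCADA vendor. Tag names, limits and the sample events are constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class SetpointLimits:
    low: float        # hard engineering floor
    high: float       # hard engineering ceiling
    max_step: float   # largest change accepted in a single write


# Hypothetical limits for a caustic (NaOH) dosing setpoint, in ppm.
# Real values come from the plant's process engineers, not from here.
LIMITS = {"NAOH_DOSE_SP": SetpointLimits(low=50.0, high=150.0, max_step=10.0)}

REMOTE_SOURCE = "remote_session"


def evaluate_write(tag, current, requested, source, limits=LIMITS):
    """Decide whether a setpoint write is allowed.

    Returns (allowed, reasons). The write is rejected when the tag has no
    defined limits, the requested value leaves the engineering band, or the
    change exceeds max_step. Writes arriving via a remote desktop session
    are flagged even when within limits so they appear on the alarm list.
    """
    reasons = []
    lim = limits.get(tag)
    if lim is None:
        return False, ["no limits defined for tag"]
    if not (lim.low <= requested <= lim.high):
        reasons.append(f"out of band [{lim.low}, {lim.high}]")
    step = abs(requested - current)
    if step > lim.max_step:
        reasons.append(f"step {step:.1f} exceeds {lim.max_step}")
    allowed = not reasons
    if source == REMOTE_SOURCE:
        reasons.append("flag: originated from remote desktop session")
    return allowed, reasons


# Constructed audit events: (tag, current, requested, source).
SAMPLE_EVENTS = [
    ("NAOH_DOSE_SP", 100.0, 105.0, "local_hmi"),
    ("NAOH_DOSE_SP", 100.0, 1100.0, REMOTE_SOURCE),   # tenfold jump, constructed
    ("NAOH_DOSE_SP", 100.0, 108.0, REMOTE_SOURCE),
    ("PH_SP", 7.2, 7.4, "local_hmi"),                  # no limits configured
]


def review(events):
    """Evaluate a batch of audit events; returns (tag, source, allowed, reasons)."""
    return [(tag, src) + evaluate_write(tag, cur, req, src) for tag, cur, req, src in events]


if __name__ == "__main__":
    for tag, src, allowed, reasons in review(SAMPLE_EVENTS):
        print(f"{tag:14} {src:15} {'ALLOW' if allowed else 'REJECT':6} {'; '.join(reasons)}")
```

Two design choices matter here. A tag without configured limits is rejected rather than passed through, so an attacker cannot sidestep the guard by writing to an unlisted tag. And the remote-session flag is attached without affecting the allow decision, because the point is to make the unusual path visible to the operator, not to stop legitimate remote engineering work outright.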

DOJ and FBI

Information from the Department of Justice (DOJ) and the FBI focused on federal law enforcement, significant cases in the news, and other alerts.

FBI Top Stories

  • InfraGard Marks 25 Years of Protecting the Country’s Critical Infrastructure
    on April 9, 2021 at 10:00 am

    From a small group that started in 1996 to an organization more than 75,000 strong today, InfraGard brings together representatives from the private and public sectors to help protect our nation’s critical infrastructure from attacks.

  • Stopping Public Corruption
    on April 7, 2021 at 6:00 am

    A Philadelphia city employee who was supposed to be ferreting out corruption and mismanagement is now serving a federal prison sentence for using his official position to solicit and accept bribes.

  • The Unabomber Case 25 Years Later
    on April 2, 2021 at 7:00 am

    A quarter-century ago, FBI agents raided the Montana cabin of Theodore Kaczynski after his writings were used to identify him as the elusive serial bomber who conducted a years-long reign of terror that left three dead and nearly two dozen injured.

  • Change Agents: Women’s History Month 2021
    on March 25, 2021 at 7:00 am

    Women in the FBI don't just break down doors—they break barriers and make change. Learn more about some of the women in FBI leadership and how they are making a difference every day.

  • Cryptocurrencies a Growing Target of Theft
    on March 11, 2021 at 12:00 pm

    Recent charges against North Korean hackers show cyber criminals are increasingly targeting virtual currency markets and exchanges.

  • Concert Promoter Sentenced for Ponzi Scheme
    on March 3, 2021 at 6:00 am

    A smooth-talking concert promoter told investors he could make them rich. But instead, he and an associate swindled their victims out of more than $20 million—and are now serving prison time.

  • Moving the Diversity Needle
    on February 26, 2021 at 9:00 am

    Assistant Director A. Tonya Odom, who served for eight years as the FBI’s first chief diversity officer, looks back on her role as the leading advocate for diversity and inclusion at the Bureau.

  • Honoring Our Fallen Agents
    on February 8, 2021 at 8:35 am

    Memorial services were held in Florida to honor the lives of FBI Special Agents Laura Schwartzenberger and Daniel Alfin, who were killed in the line of duty February 2, 2021. We will always remember their ultimate sacrifice.

  • Emotet Malware Disrupted
    on February 1, 2021 at 9:16 am

    The FBI worked alongside foreign law enforcement and private sector partners in an innovative, coordinated effort to take down a destructive malware known as Emotet.

  • Investment Fraudster Sentenced
    on January 27, 2021 at 6:00 am

    A man who pretended to be an accountant and lawyer defrauded an unsuspecting family out of more than $700,000—and is now spending time behind bars.

  • New Reward in Boston Chinatown Massacre Case
    on January 12, 2021 at 11:00 am

    The FBI and Boston Police are hoping a $30,000 reward will shed light on the whereabouts of a suspect in the execution-style murders of five men 30 years ago.

  • Stopping Human Trafficking
    on January 11, 2021 at 6:00 am

    The recent disruption of a Washington, D.C.-area trafficking ring shows the FBI's commitment to stopping human traffickers—during National Slavery and Human Trafficking Prevention Month and all year long.

  • Hacker Who Disrupted PPE Shipments Sentenced
    on January 6, 2021 at 6:00 am

    A disgruntled former employee of a medical equipment packaging company was sentenced for hacking into the company’s computer systems and disrupting the shipment of personal protective equipment during the COVID-19 pandemic.

  • Innocent Images Program Marks 25 Years
    on December 28, 2020 at 8:00 am

    When a 1990s kidnapping case led FBI agents to individuals who were using the internet to share images of child sexual abuse and lure children into harm, it launched a revolution in how the FBI investigates these crimes.

  • New Charges in Pan Am Flight 103 Bombing
    on December 21, 2020 at 11:00 am

    Thirty-two years after the terrorist bombing of a Pan Am jet over Scotland killed 270 people, including 190 Americans, charges have been filed against a former Libyan intelligence operative for his alleged role in building the bomb.

Kidnappings and Missing Persons

FBI Intelligence

    Feed has no items.