Threats

Note: Most of my RSS feeds on this page are currently broken. Sorry about that. Please consider the “Threats” section under construction for now.

Department of State

The Dept of State has several threat RSS feeds, but they aren’t always up.

DHS

Threat information from the Department of Homeland Security (DHS), including the National Terrorism Advisory System and Cybersecurity alerts.

National Terrorism Advisory System (NTAS) Alerts

    Feed has no items.

Cybersecurity

  • AA21-008A: Detecting Post-Compromise Threat Activity in Microsoft Cloud Environments
    by CISA on January 8, 2021 at 4:36 pm

    Original release date: January 8, 2021. Summary: This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques. This Alert is a companion alert to AA20-352A: Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations. AA20-352A primarily focuses on an advanced persistent threat (APT) actor’s compromise of SolarWinds Orion products as an initial access vector into networks of U.S. Government agencies, critical infrastructure entities, and private network organizations. As noted in AA20-352A, the Cybersecurity and Infrastructure Security Agency (CISA) has evidence of initial access vectors in addition to the compromised SolarWinds Orion products. This Alert also addresses activity—irrespective of the initial access vector leveraged—that CISA attributes to an APT actor. Specifically, CISA […]

  • AA20-352A: Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations
    by CISA on December 17, 2020 at 3:00 pm

    Original release date: December 17, 2020 | Last revised: January 7, 2021. Summary: The Cybersecurity and Infrastructure Security Agency (CISA) is aware of compromises of U.S. government agencies, critical infrastructure entities, and private sector organizations by an advanced persistent threat (APT) actor beginning in at least March 2020. This APT actor has demonstrated patience, operational security, and complex tradecraft in these intrusions. CISA expects that removing this threat actor from compromised environments will be highly complex and challenging for organizations. (Updated January 6, 2021): One of the initial access vectors for this activity is a supply chain compromise of a Dynamic Link Library (DLL) in the following SolarWinds Orion products (see Appendix A). Note: prior versions of this Alert included a single bullet that listed two platform versions for the same DLL. For clarity, the Alert now lists these platform versions that share the same DLL version number […]

  • AA20-345A: Cyber Actors Target K-12 Distance Learning Education to Cause Disruptions and Steal Data
    by CISA on December 10, 2020 at 5:00 pm

    Original release date: December 10, 2020. Summary: This Joint Cybersecurity Advisory was coauthored by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC). The FBI, CISA, and MS-ISAC assess malicious cyber actors are targeting kindergarten through twelfth grade (K-12) educational institutions, leading to ransomware attacks, the theft of data, and the disruption of distance learning services. Cyber actors likely view schools as targets of opportunity, and these types of attacks are expected to continue through the 2020/2021 academic year. These issues will be particularly challenging for K-12 schools that face resource limitations; therefore, educational leadership, information technology personnel, and security personnel will need to balance this risk when determining their cybersecurity investments. Technical Details: As of […]

  • AA20-336A: Advanced Persistent Threat Actors Targeting U.S. Think Tanks
    by CISA on December 1, 2020 at 6:00 pm

    Original release date: December 1, 2020. Summary: This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques. The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have observed persistent continued cyber intrusions by advanced persistent threat (APT) actors targeting U.S. think tanks. This malicious activity is often, but not exclusively, directed at individuals and organizations that focus on international affairs or national security policy.[1] The following guidance may assist U.S. think tanks in developing network defense procedures to prevent or rapidly detect these attacks. APT actors have relied on multiple avenues for initial access. These have included low-effort capabilities such as spearphishing emails and third-party message services directed at both corporate and personal accounts, as […]

  • AA20-304A: Iranian Advanced Persistent Threat Actor Identified Obtaining Voter Registration Data
    by CISA on October 30, 2020 at 6:11 pm

    Original release date: October 30, 2020 | Last revised: November 3, 2020. Summary: This advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) version 8 framework. See the ATT&CK for Enterprise version 8 for all referenced threat actor techniques. This joint cybersecurity advisory was coauthored by the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI). CISA and the FBI are aware of an Iranian advanced persistent threat (APT) actor targeting U.S. state websites—to include election websites. CISA and the FBI assess this actor is responsible for the mass dissemination of voter intimidation emails to U.S. citizens and the dissemination of U.S. election-related disinformation in mid-October 2020. This disinformation (hereinafter, “the propaganda video”) was in the form of a video purporting to misattribute the activity to a U.S. domestic actor and implies that individuals could cast fraudulent […]

  • AA20-302A: Ransomware Activity Targeting the Healthcare and Public Health Sector
    by CISA on October 28, 2020 at 11:07 pm

    Original release date: October 28, 2020 | Last revised: November 2, 2020. Summary: This advisory was updated to include information on Conti, TrickBot, and BazarLoader, including new IOCs and Yara Rules for detection. This advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) version 7 framework. See the ATT&CK for Enterprise version 7 for all referenced threat actor tactics and techniques. This joint cybersecurity advisory was coauthored by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS). This advisory describes the tactics, techniques, and procedures (TTPs) used by cybercriminals against targets in the Healthcare and Public Health (HPH) Sector to infect systems with ransomware, notably Ryuk and Conti, for financial gain. CISA, FBI, and HHS have credible information of an increased and imminent cybercrime threat to U.S. hospitals […]

  • AA20-301A: North Korean Advanced Persistent Threat Focus: Kimsuky
    by CISA on October 27, 2020 at 5:00 pm

    Original release date: October 27, 2020. Summary: This advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) version 7 framework. See the ATT&CK for Enterprise version 7 for all referenced threat actor tactics and techniques. This joint cybersecurity advisory was coauthored by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the U.S. Cyber Command Cyber National Mission Force (CNMF). This advisory describes the tactics, techniques, and procedures (TTPs) used by North Korean advanced persistent threat (APT) group Kimsuky—against worldwide targets—to gain intelligence on various topics of interest to the North Korean government. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA. For more information on HIDDEN COBRA activity, visit https://www.us-cert.cisa.gov/northkorea. This advisory describes known Kimsuky TTPs, as found in […]

  • AA20-296B: Iranian Advanced Persistent Threat Actors Threaten Election-Related Systems
    by CISA on October 22, 2020 at 4:00 pm

    Original release date: October 22, 2020. Summary: The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) are warning that Iranian advanced persistent threat (APT) actors are likely intent on influencing and interfering with the U.S. elections to sow discord among voters and undermine public confidence in the U.S. electoral process. The APT actors are creating fictitious media sites and spoofing legitimate media sites to spread obtained U.S. voter-registration data, anti-American propaganda, and misinformation about voter suppression, voter fraud, and ballot fraud. The APT actors have historically exploited critical vulnerabilities to conduct distributed denial-of-service (DDoS) attacks, structured query language (SQL) injections attacks, spear-phishing campaigns, website defacements, and disinformation campaigns. Technical Details: These actors have conducted a significant number of […]

  • AA20-296A: Russian State-Sponsored Advanced Persistent Threat Actor Compromises U.S. Government Targets
    by CISA on October 22, 2020 at 12:44 pm

    Original release date: October 22, 2020 | Last revised: December 1, 2020. Summary: This joint cybersecurity advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor tactics and techniques. This joint cybersecurity advisory—written by the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA)—provides information on Russian state-sponsored advanced persistent threat (APT) actor activity targeting various U.S. state, local, territorial, and tribal (SLTT) government networks, as well as aviation networks. This advisory updates joint CISA-FBI cybersecurity advisory AA20-283A: APT Actors Chaining Vulnerabilities Against SLTT, Critical Infrastructure, and Elections Organizations. Since at least September 2020, a Russian state-sponsored APT actor—known variously as Berserk Bear, Energetic Bear, TeamSpy, Dragonfly, Havex, […]

  • AA20-283A: APT Actors Chaining Vulnerabilities Against SLTT, Critical Infrastructure, and Elections Organizations
    by CISA on October 9, 2020 at 8:21 pm

    Original release date: October 9, 2020 | Last revised: October 24, 2020. Summary: This joint cybersecurity advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques. Note: the analysis in this joint cybersecurity advisory is ongoing, and the information provided should not be considered comprehensive. The Cybersecurity and Infrastructure Security Agency (CISA) will update this advisory as new information is available. This joint cybersecurity advisory was written by CISA with contributions from the Federal Bureau of Investigation (FBI). CISA has recently observed advanced persistent threat (APT) actors exploiting multiple legacy vulnerabilities in combination with a newer privilege escalation vulnerability—CVE-2020-1472—in Windows Netlogon. The commonly used tactic, known as vulnerability chaining, exploits multiple vulnerabilities in the course of […]

DOJ and FBI

Information from the Department of Justice (DOJ) and the FBI focused on federal law enforcement, significant cases in the news, and other alerts.

FBI Top Stories

  • Hacker Who Disrupted PPE Shipments Sentenced
    on January 6, 2021 at 6:00 am

    A disgruntled former employee of a medical equipment packaging company was sentenced for hacking into the company’s computer systems and disrupting the shipment of personal protective equipment during the COVID-19 pandemic.

  • Innocent Images Program Marks 25 Years
    on December 28, 2020 at 8:00 am

    When a 1990s kidnapping case led FBI agents to individuals who were using the internet to share images of child sexual abuse and lure children into harm, it launched a revolution in how the FBI investigates these crimes.

  • New Charges in Pan Am Flight 103 Bombing
    on December 21, 2020 at 11:00 am

    Thirty-two years after the terrorist bombing of a Pan Am jet over Scotland killed 270 people, including 190 Americans, charges have been filed against a former Libyan intelligence operative for his alleged role in building the bomb.

  • Iris Biometric Added to NGI
    on December 11, 2020 at 10:00 am

    The Next Generation Identification Iris Service gives the FBI and partner agencies the ability to capture, catalog, and make rapid comparisons of iris images with a high rate of accuracy.

  • Five Things to Know About NIBRS
    on November 25, 2020 at 7:40 am

    Next year, the National Incident-Based Reporting System will become the national crime data collection program. The result will be more robust and complete data for law enforcement, researchers, and the public.

  • Sextortion
    on November 10, 2020 at 7:00 am

    The case of a Florida man who was sentenced to 60 years in prison for victimizing a teenager online highlights the growing crime of sextortion and its devastating real-life consequences.

  • New Top Ten Fugitive
    on October 13, 2020 at 6:37 am

    Jose Rodolfo Villarreal-Hernandez, wanted for allegedly directing individuals to track and murder a man in Southlake, Texas, has been added to the FBI’s Ten Most Wanted Fugitives list. A reward of up to $1 million is available for information leading to his arrest.

  • Train Derailment Mystery
    on October 9, 2020 at 6:00 am

    Twenty-five years after the derailment of Amtrak's Sunset Limited passenger train in Arizona killed the conductor and injured dozens of passengers, investigators are still trying to find answers—and justice for the victims.

  • Operation DisrupTor
    on September 22, 2020 at 8:30 am

    A Joint Criminal Opioid and Darknet Enforcement (JCODE) investigation in Los Angeles exemplifies the teamwork and tenacity required to uncover the people behind drug operations that run through a network prized for its encryption and anonymity.

  • Iran at Center of Cyber Crime Charges in Three Cases
    on September 18, 2020 at 1:01 pm

    Criminal charges announced against multiple alleged hackers in Iran show the breadth of the cyber threat emanating from that country and the FBI and partner agency efforts to neutralize it and hold the individuals accountable.

  • FBI Checklist Aids Searches for Missing Autistic Children
    on September 18, 2020 at 9:00 am

    After a 6-year-old boy with autism went missing in North Carolina in 2018, the FBI’s Child Abduction Rapid Deployment Team developed a one-page questionnaire to help investigators be better prepared in similar cases.

  • FBI Strategy Addresses Evolving Cyber Threat
    on September 16, 2020 at 9:08 am

    FBI Director Christopher Wray announced the Bureau’s new strategy for countering cyber threats in remarks at the virtual CISA National Cybersecurity Summit.

  • Robots Help Manage Billions of Pages at New FBI Central Records Complex
    on August 12, 2020 at 2:00 am

    The new facility in Virginia will house more than 2 billion pages of records and enlists robots to help with filing and retrieval.

  • Trade Secret Theft
    on July 29, 2020 at 10:14 am

    A lengthy FBI investigation resulted in guilty pleas from two men who admitted to their roles in stealing trade secrets from General Electric to start a competing business in another country.

  • Danger Beneath the Surface
    on July 22, 2020 at 6:00 am

    Get an interactive look at how the FBI’s Underwater Post-Blast Investigation course prepares the nation's public safety bomb tech divers to counter threats in their home harbors and waterways.

Kidnappings and Missing Persons

FBI Intelligence

    Feed has no items.