Amdall Gallery

Original release date: January 24, 2019 | Last revised: February 13, 2019Summary The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), is aware of a global Domain Name System (DNS) infrastructure hijacking campaign. Using compromised credentials, an attacker can modify the location to which an organization’s domain name resources resolve. This enables the attacker to redirect user traffic to attacker-controlled infrastructure and obtain valid encryption certificates for an organization’s domain names, enabling man-in-the-middle attacks.See the following links for downloadable copies of open-source indicators of compromise (IOCs) from the sources listed in the References section below:IOCs (.csv)IOCs (.stix)Note: these files were last updated February 13, 2019, to remove the following three non-malicious IP […]

Original release date: December 03, 2018Summary The Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) and the Federal Bureau of Investigation (FBI) are issuing this activity alert to inform computer network defenders about SamSam ransomware, also known as MSIL/Samas.A. Specifically, this product shares analysis of vulnerabilities that cyber actors exploited to deploy this ransomware. In addition, this report provides recommendations for prevention and mitigation.The SamSam actors targeted multiple industries, including some within critical infrastructure. Victims were located predominately in the United States, but also internationally. Network-wide infections against organizations are far more likely to garner large ransom payments than infections of individual systems. Organizations that provide essential functions have a critical need to resume operations quickly and are more likely to pay larger ransoms.The actors […]

Original release date: November 27, 2018Systems Affected Microsoft Windows Overview This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). DHS and FBI are releasing this TA to provide information about a major online ad fraud operation—referred to by the U.S. Government as "3ve"—involving the control of over 1.7 million unique Internet Protocol (IP) addresses globally, when sampled over a 10-day window. Description Online advertisers desire premium websites on which to publish their ads and large numbers of visitors to view those ads. 3ve created fake versions of both (websites and visitors), and funneled the advertising revenue to cyber criminals. 3ve obtained control over 1.7 million unique IPs by leveraging victim computers infected with Boaxxe/Miuref and Kovter malware, as well as Border […]

Original release date: October 11, 2018Summary This report is a collaborative research effort by the cyber security authorities of five nations: Australia, Canada, New Zealand, the United Kingdom, and the United States.[1][2][3][4][5]In it we highlight the use of five publicly available tools, which have been used for malicious purposes in recent cyber incidents around the world. The five tools are:Remote Access Trojan: JBiFrostWebshell: China ChopperCredential Stealer: MimikatzLateral Movement Framework: PowerShell EmpireC2 Obfuscation and Exfiltration: HUC Packet TransmitterTo aid the work of network defenders and systems administrators, we also provide advice on limiting the effectiveness of these tools and detecting their use on a network.The individual tools we cover in this report are limited examples of the types of tools used by threat actors. You should not consider this an exhaustive list when planning your network defense.Tools and techniques for exploiting networks […]

Original release date: October 03, 2018Systems Affected Network Systems Overview The National Cybersecurity and Communications Integration Center (NCCIC) is aware of ongoing APT actor activity attempting to infiltrate the networks of global managed service providers (MSPs). Since May 2016, APT actors have used various tactics, techniques, and procedures (TTPs) for the purposes of cyber espionage and intellectual property theft. APT actors have targeted victims in several U.S. critical infrastructure sectors, including Information Technology (IT), Energy, Healthcare and Public Health, Communications, and Critical Manufacturing.This Technical Alert (TA) provides information and guidance to assist MSP customer network and system administrators with the detection of malicious activity on their networks and systems and the mitigation of associated risks. This TA includes an overview of TTPs used by APT actors in MSP network environments, recommended mitigation […]

Original release date: October 03, 2018Systems Affected Network Systems Overview This technical alert addresses the exploitation of trusted network relationships and the subsequent illicit use of legitimate credentials by Advanced Persistent Threat (APT) actors. It identifies APT actors' tactics, techniques, and procedures (TTPs) and describes the best practices that could be employed to mitigate each of them. The mitigations for each TTP are arranged according to the National Institute of Standards and Technology (NIST) Cybersecurity Framework core functions of Protect, Detect, Respond, and Recover. Description APT actors are using multiple mechanisms to acquire legitimate user credentials to exploit trusted network relationships in order to expand unauthorized access, maintain persistence, and exfiltrate data from targeted organizations. Suggested best practices for administrators to mitigate this threat include auditing credentials, […]

Original release date: October 02, 2018 | Last revised: December 21, 2018Systems Affected Retail Payment Systems Overview This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS), the Department of the Treasury (Treasury), and the Federal Bureau of Investigation (FBI). Working with U.S. government partners, DHS, Treasury, and FBI identified malware and other indicators of compromise (IOCs) used by the North Korean government in an Automated Teller Machine (ATM) cash-out scheme—referred to by the U.S. Government as “FASTCash.” The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA. For more information on HIDDEN COBRA activity, visit https://www.us-cert.gov/hiddencobra.FBI has high confidence that HIDDEN COBRA actors are using the IOCs listed in this report to maintain a presence on victims’ networks to enable network exploitation. […]

Original release date: July 20, 2018Systems Affected Network Systems Overview Emotet is an advanced, modular banking Trojan that primarily functions as a downloader or dropper of other banking Trojans. Emotet continues to be among the most costly and destructive malware affecting state, local, tribal, and territorial (SLTT) governments, and the private and public sectors.This joint Technical Alert (TA) is the result of Multi-State Information Sharing & Analysis Center (MS-ISAC) analytic efforts, in coordination with the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC). Description Emotet continues to be among the most costly and destructive malware affecting SLTT governments. Its worm-like features result in rapidly spreading network-wide infection, which are difficult to combat. Emotet infections have cost SLTT governments up to $1 million per incident to remediate.Emotet is an […]

Original release date: May 29, 2018 | Last revised: May 31, 2018Systems Affected Network systems Overview This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). Working with U.S. government partners, DHS and FBI identified Internet Protocol (IP) addresses and other indicators of compromise (IOCs) associated with two families of malware used by the North Korean government:a remote access tool (RAT), commonly known as Joanap; anda Server Message Block (SMB) worm, commonly known as Brambul.The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA. For more information on HIDDEN COBRA activity, visit https://www.us-cert.gov/hiddencobra.FBI has high confidence that HIDDEN COBRA actors are using the IP addresses—listed in this report’s IOC files—to maintain a presence on victims’ networks and […]

Original release date: May 25, 2018 | Last revised: June 07, 2018Systems Affected Small office/home office (SOHO) routersNetworked devicesNetwork-attached storage (NAS) devicesOverview Cybersecurity researchers have identified that foreign cyber actors have compromised hundreds of thousands of home and office routers and other networked devices worldwide [1] [2] [3]. The actors used VPNFilter malware to target small office/home office (SOHO) routers. VPNFilter malware uses modular functionality to collect intelligence, exploit local area network (LAN) devices, and block actor-configurable network traffic. Specific characteristics of VPNFilter have only been observed in the BlackEnergy malware, specifically BlackEnergy versions 2 and 3.The Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) recommend that owners of SOHO routers power cycle (reboot) SOHO routers and networked devices to temporarily disrupt the malware.DHS and […]

As part of the Appalachian Regional Prescription Opioid Strike Force, the FBI joined partner agencies in announcing the largest law enforcement action to date against illegal opioid prescribers. […]

Frank Sprenz, a former Ten Most Wanted Fugitive and prolific criminal who, among other offenses, stole small planes and flew to various cities to evade the law, was arrested 60 years ago this week. […]

Three men were sentenced to federal prison after being convicted of conspiring to use a weapon of mass destruction against Somali immigrants in a Kansas apartment complex. […]

Thanks to a multi-agency investigation, the FBI and Department of Justice announced charges against 24 defendants who were allegedly part of a $1.2 billion fraud scheme against Medicare—one of the largest in U.S. history. […]

The FBI’s Victim Services Response Team, a specially trained cadre of victim specialists, agents, and analysts, was established in 2005 to provide support for victims in mass casualty events. […]

Thirty-five years after the bust of a vast, long-running Mafia drug conspiracy that touched four continents, the Pizza Connection case continues to pay dividends for partnerships, policing, and public safety. […]

A nationwide push to test backlogged sexual assault kits is teaching law enforcement about the serial nature of many sexual offenders—and as we mark Sexual Assault Awareness Month, the findings offer important insights into the nation’s most underreported violent crime. […]

As the FBI celebrates 100 years of African-American special agents and observes Women’s History Month, we remember Sylvia Mathis, the first African-American woman to serve as an FBI agent. […]

The Joint Criminal Opioid and Darknet Enforcement (J-CODE) team is delivering results through coordinated efforts and the commitment of the nation’s law enforcement agencies to address opioid sales on the Darknet. […]

Two decades ago, computer viruses were still relatively new notions to most Americans, but the fast-moving and destructive Melissa virus changed that in a significant way and showed many the darker side of the web. […]

For two decades, members of the FBI's Evidence Response Teams have trained on properly excavating burial sites at the Anthropology Research Facility in Knoxville, Tennessee. […]

A company that was investigated for making false statements regarding the levels of formaldehyde in its laminate flooring products has agreed to pay a $33 million penalty for securities fraud. […]

A real estate fraudster who targeted victims with limited English proficiency was sentenced for swindling homeowners and would-be homeowners out of more than $1 million. […]

FBI Director Christopher Wray has made a visit to the National September 11 Memorial & Museum in New York City a required part of the curriculum for all new special agent and intelligence analyst trainees. […]

Former FBI Director William Webster discusses being the target of a Jamaican lottery scam and his role in the ensuing investigation that led to his fraudster’s arrest and conviction. […]

The FBI and its partners are seeking the public's help in identifying an unknown suspect believed to be responsible for robbing three banks in North Carolina. […]

Michael R. Goeller, a former St. Joseph, Missouri Boy Scout leader, received six years in prison for distributing child pornography over the Internet. […]

Yousef Goba of Yemen, who was convicted of making extortionate threats to harm and kidnap a minor, was sentenced to serve 41 months in prison. […]

Danys Rivera and his wife, Diana Acevedo, of Providence, pleaded guilty to charges of concealing $70,000 in assets from a federal bankruptcy court. […]

Sharday Monique Thomas of Hammond, Louisiana, received 41 months in prison for a wire fraud scheme. […]

Hansel Ramon Rodriguez Ramirez, a Dominican national, received five years in prison in Springfield for dealing heroin. […]

Ashley N. Garr of St. Joseph, Missouri, an in-home health care nursing assistant, received five years in prison for stealing bank account information. […]

Suzanne Muscara of Burlington, Maine, was indicted for mailing a threatening communication to Senator Susan Collins. […]

Officials announced a multi-agency, multi-jurisdictional law enforcement effort that focused on drug trafficking in the area of Brattleboro, Vermont. […]

Former Idaho Department of Correction correctional officer Erik Thompson has been sentenced for firearms offenses. […]

On April 19, 2019, members of the FBI Oklahoma City Field Office participated in remembrance ceremonies marking the 24th anniversary of the Oklahoma City Bombing. […]

Amor M. Ftouhi of Canada received life in prison for committing an act of terrorism transcending national boundaries and two other offenses. […]

Camilo Q. Primero, a former medical doctor, and his business partner, Aurora S. Beltran, received 33 months in prison for a health care fraud scheme. […]

Junzo Suzuki and Paul Suzuki, former executives of a Las Vegas investment company, were extradited from Japan in connection with a $1.5 billion Ponzi scheme. […]

The former Sheriff of Tallahatchie County received six years for agreeing to allow the robbery of a drug dealer and drug distribution in exchange for bribes. […]

The FBI’s Law Enforcement Officers Killed and Assaulted Program frequently updates the preliminary data on officer deaths for the current year on its webpage on fbi.gov. […]

The UCR Program will transition from the Summary Reporting System to the National Incident Based Reporting System by January 1, 2021. The CJIS Division has compiled a list of 30 frequently asked questions you may have about the transition. […]

The 2018 Preliminary Semiannual Uniform Crime Report, released February 26, shows declines in both violent crime and property crime in the first half of 2018. […]

The FBI’s National Data Exchange (N-DEx) System proves instrumental in helping officers identify and locate probation absconders, felony warrant subjects, and a violent gang member. […]

The 2018 Year in Review demonstrates the CJIS Division’s commitment to provide the best possible tools to help its partners fight crime and terrorism. […]

The FBI released information on more than 6 million criminal offenses submitted to its National Incident-Based Reporting System last year, as law enforcement continues transitioning to the more robust system. […]

The official launch of the National Use-of-Force Data Collection, which offers a comprehensive view of use-of-force incidents, will take place on January 1, 2019. […]

For two decades, the National Instant Criminal Background Check System (NICS) has been ascertaining a person’s eligibility under law to receive or possess a firearm. […]

The number of hate crime incidents reported to the FBI increased about 17 percent in 2017 compared with the previous year, according to the Uniform Crime Reporting Program’s annual Hate Crime Statistics report. […]

The FBI’s National Data Exchange (N-DEx) System was instrumental in helping the Troup County Sheriff's Office in Georgia locate two wanted felons. […]

A U.S. Customs and Border Protection officer in Virginia used the FBI’s N-DEx System to help identify an unknown kidnapping suspect who became part of a larger human trafficking investigation. […]

Both violent crime and property crime declined in 2017 when compared with 2016 data, according to the FBI’s annual Crime in the United States report. […]

The second installment of Law Enforcement Officers Killed and Assaulted, 2017, was released on on July 30 and includes statistics about officers assaulted in the line of duty. […]

The FBI’s National Data Exchange (N-DEx) System is instrumental in helping the Tennessee Department of Corrections locate probation and parole absconders. […]

The CJIS Link is a publication that tells our partners about new services and system capabilities, as well as relevant changes in policy. […]

During World War II, Argentina was a hotbed of intrigue and proved to be a tough environment for […]

During a meeting of intelligence and national security leaders, FBI Director Christopher Wray […]

The FBI's Weapons of Mass Destruction Directorate was established 10 years ago and today serves as […]

New collaborative program at FBI Academy integrates agents and intelligence analysts. […]

Director Comey joined Director of National Intelligence Clapper and several other Intelligence […]

The FBI vigilantly investigates cases of industrial espionage and theft of intellectual property, […]

Standing outside the White House on a sunny day in May 1955, President Dwight Eisenhower smiled as […]

Economic espionage is a significant threat to our country’s economic health and security. […]

Investigating financial crime is like working a puzzle—you have to fit all of the pieces of […]

At the National Virtual Translation Center’s offices near FBI Headquarters in Washington […]