Threats

Note: Most of my RSS feeds on this page are currently broken. Sorry about that. Please consider the “Threats” section under construction for now.

Department of State

The Dept of State has several threat RSS feeds, but they aren’t always up.

  • Counterterrorism: Remarks to the Press
    on April 8, 2019 at 4:40 pm

    Remarks Michael R. Pompeo Secretary of State Press Briefing Room Washington, DC April 8, 2019 SECRETARY POMPEO: Good morning. I’m here to make an important foreign policy announcement concerning the Islamic Republic of Iran. Today the United States is continuing to build its maximum pressure campaign against the Iranian regime. I am announcing our intent to designate the Islamic Revolutionary Guard Corps, including its Qods Force, as a foreign terrorist organization in accordance with Section 219 of the Immigration and Nationality Act. This designation will take effect one week from today. This is the first time that the United States has designated a part of another government as an FTO. We’re doing it because the Iranian regime’s use of terrorism as a tool of statecraft makes it fundamentally different from any other government. This historic step will deprive the world’s leading state sponsor of terror the financial means to spread misery […]

  • Counterterrorism: Intent To Designate the Islamic Revolutionary Guards Corps as a Foreign Terrorist Organization
    on April 8, 2019 at 3:22 pm

    Media Note Office of the Spokesperson Washington, DC April 8, 2019 Today, the Secretary of State announced his intent to designate the Islamic Revolutionary Guard Corps (IRGC), including its Qods Force, as a Foreign Terrorist Organization (FTO) under section 219 of the Immigration and Nationality Act. This designation is a historic step to counter Iran-backed terrorism around the world. The IRGC – primarily through its Qods Force – is the primary arm of the Iranian government that carries out and directs Tehran’s dangerous and destabilizing global terrorist campaign. The IRGC provides funding, equipment, training, and logistical support to a broad range of terrorist and militant organizations, totaling approximately one billion dollars annually in assistance. The IRGC has also been directly involved in terrorist plotting, malign activity and outlaw behavior in many countries, including Germany, Bosnia, Bulgaria, Kenya, Bahrain, and Turkey, among […]


      DHS

      Threat information from the Department of Homeland Security (DHS), including the National Terrorism Advisory System and Cybersecurity alerts.

      National Terrorism Advisory System (NTAS) Alerts

        Feed has no items.

        Cybersecurity

        • AA19-024A: DNS Infrastructure Hijacking Campaign
          by US-CERT on January 24, 2019 at 8:01 pm

          Original release date: January 24, 2019 | Last revised: February 13, 2019. Summary: The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), is aware of a global Domain Name System (DNS) infrastructure hijacking campaign. Using compromised credentials, an attacker can modify the location to which an organization’s domain name resources resolve. This enables the attacker to redirect user traffic to attacker-controlled infrastructure and obtain valid encryption certificates for an organization’s domain names, enabling man-in-the-middle attacks. See the following links for downloadable copies of open-source indicators of compromise (IOCs) from the sources listed in the References section below: IOCs (.csv), IOCs (.stix). Note: these files were last updated February 13, 2019, to remove the following three non-malicious IP […]

        • AA18-337A: SamSam Ransomware
          by US-CERT on December 3, 2018 at 4:18 pm

          Original release date: December 03, 2018. Summary: The Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) and the Federal Bureau of Investigation (FBI) are issuing this activity alert to inform computer network defenders about SamSam ransomware, also known as MSIL/Samas.A. Specifically, this product shares analysis of vulnerabilities that cyber actors exploited to deploy this ransomware. In addition, this report provides recommendations for prevention and mitigation. The SamSam actors targeted multiple industries, including some within critical infrastructure. Victims were located predominately in the United States, but also internationally. Network-wide infections against organizations are far more likely to garner large ransom payments than infections of individual systems. Organizations that provide essential functions have a critical need to resume operations quickly and are more likely to pay larger ransoms. The actors […]

        • TA18-331A: 3ve – Major Online Ad Fraud Operation
          by US-CERT on November 27, 2018 at 5:09 pm

          Original release date: November 27, 2018. Systems Affected: Microsoft Windows. Overview: This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). DHS and FBI are releasing this TA to provide information about a major online ad fraud operation—referred to by the U.S. Government as "3ve"—involving the control of over 1.7 million unique Internet Protocol (IP) addresses globally, when sampled over a 10-day window. Description: Online advertisers desire premium websites on which to publish their ads and large numbers of visitors to view those ads. 3ve created fake versions of both (websites and visitors), and funneled the advertising revenue to cyber criminals. 3ve obtained control over 1.7 million unique IPs by leveraging victim computers infected with Boaxxe/Miuref and Kovter malware, as well as Border […]

        • AA18-284A: Publicly Available Tools Seen in Cyber Incidents Worldwide
          by US-CERT on October 11, 2018 at 3:19 pm

          Original release date: October 11, 2018. Summary: This report is a collaborative research effort by the cyber security authorities of five nations: Australia, Canada, New Zealand, the United Kingdom, and the United States. [1][2][3][4][5] In it we highlight the use of five publicly available tools, which have been used for malicious purposes in recent cyber incidents around the world. The five tools are: Remote Access Trojan: JBiFrost; Webshell: China Chopper; Credential Stealer: Mimikatz; Lateral Movement Framework: PowerShell Empire; C2 Obfuscation and Exfiltration: HUC Packet Transmitter. To aid the work of network defenders and systems administrators, we also provide advice on limiting the effectiveness of these tools and detecting their use on a network. The individual tools we cover in this report are limited examples of the types of tools used by threat actors. You should not consider this an exhaustive list when planning your network defense. Tools and techniques for exploiting networks […]

        • TA18-276B: Advanced Persistent Threat Activity Exploiting Managed Service Providers
          by US-CERT on October 3, 2018 at 11:47 am

          Original release date: October 03, 2018. Systems Affected: Network Systems. Overview: The National Cybersecurity and Communications Integration Center (NCCIC) is aware of ongoing APT actor activity attempting to infiltrate the networks of global managed service providers (MSPs). Since May 2016, APT actors have used various tactics, techniques, and procedures (TTPs) for the purposes of cyber espionage and intellectual property theft. APT actors have targeted victims in several U.S. critical infrastructure sectors, including Information Technology (IT), Energy, Healthcare and Public Health, Communications, and Critical Manufacturing. This Technical Alert (TA) provides information and guidance to assist MSP customer network and system administrators with the detection of malicious activity on their networks and systems and the mitigation of associated risks. This TA includes an overview of TTPs used by APT actors in MSP network environments, recommended mitigation […]

        • TA18-276A: Using Rigorous Credential Control to Mitigate Trusted Network Exploitation
          by US-CERT on October 3, 2018 at 11:00 am

          Original release date: October 03, 2018. Systems Affected: Network Systems. Overview: This technical alert addresses the exploitation of trusted network relationships and the subsequent illicit use of legitimate credentials by Advanced Persistent Threat (APT) actors. It identifies APT actors' tactics, techniques, and procedures (TTPs) and describes the best practices that could be employed to mitigate each of them. The mitigations for each TTP are arranged according to the National Institute of Standards and Technology (NIST) Cybersecurity Framework core functions of Protect, Detect, Respond, and Recover. Description: APT actors are using multiple mechanisms to acquire legitimate user credentials to exploit trusted network relationships in order to expand unauthorized access, maintain persistence, and exfiltrate data from targeted organizations. Suggested best practices for administrators to mitigate this threat include auditing credentials, […]

        • TA18-275A: HIDDEN COBRA – FASTCash Campaign
          by US-CERT on October 2, 2018 at 3:45 pm

          Original release date: October 02, 2018 | Last revised: December 21, 2018. Systems Affected: Retail Payment Systems. Overview: This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS), the Department of the Treasury (Treasury), and the Federal Bureau of Investigation (FBI). Working with U.S. government partners, DHS, Treasury, and FBI identified malware and other indicators of compromise (IOCs) used by the North Korean government in an Automated Teller Machine (ATM) cash-out scheme—referred to by the U.S. Government as “FASTCash.” The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA. For more information on HIDDEN COBRA activity, visit https://www.us-cert.gov/hiddencobra. FBI has high confidence that HIDDEN COBRA actors are using the IOCs listed in this report to maintain a presence on victims’ networks to enable network exploitation. […]

        • TA18-201A: Emotet Malware
          by US-CERT on July 20, 2018 at 9:24 pm

          Original release date: July 20, 2018. Systems Affected: Network Systems. Overview: Emotet is an advanced, modular banking Trojan that primarily functions as a downloader or dropper of other banking Trojans. Emotet continues to be among the most costly and destructive malware affecting state, local, tribal, and territorial (SLTT) governments, and the private and public sectors. This joint Technical Alert (TA) is the result of Multi-State Information Sharing & Analysis Center (MS-ISAC) analytic efforts, in coordination with the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC). Description: Emotet continues to be among the most costly and destructive malware affecting SLTT governments. Its worm-like features result in rapidly spreading network-wide infection, which are difficult to combat. Emotet infections have cost SLTT governments up to $1 million per incident to remediate. Emotet is an […]

        • TA18-149A: HIDDEN COBRA – Joanap Backdoor Trojan and Brambul Server Message Block Worm
          by US-CERT on May 29, 2018 at 12:18 pm

          Original release date: May 29, 2018 | Last revised: May 31, 2018. Systems Affected: Network systems. Overview: This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). Working with U.S. government partners, DHS and FBI identified Internet Protocol (IP) addresses and other indicators of compromise (IOCs) associated with two families of malware used by the North Korean government: a remote access tool (RAT), commonly known as Joanap; and a Server Message Block (SMB) worm, commonly known as Brambul. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA. For more information on HIDDEN COBRA activity, visit https://www.us-cert.gov/hiddencobra. FBI has high confidence that HIDDEN COBRA actors are using the IP addresses—listed in this report’s IOC files—to maintain a presence on victims’ networks and […]

        • TA18-145A: Cyber Actors Target Home and Office Routers and Networked Devices Worldwide
          by US-CERT on May 25, 2018 at 6:22 pm

          Original release date: May 25, 2018 | Last revised: June 07, 2018. Systems Affected: Small office/home office (SOHO) routers; Networked devices; Network-attached storage (NAS) devices. Overview: Cybersecurity researchers have identified that foreign cyber actors have compromised hundreds of thousands of home and office routers and other networked devices worldwide [1] [2] [3]. The actors used VPNFilter malware to target small office/home office (SOHO) routers. VPNFilter malware uses modular functionality to collect intelligence, exploit local area network (LAN) devices, and block actor-configurable network traffic. Specific characteristics of VPNFilter have only been observed in the BlackEnergy malware, specifically BlackEnergy versions 2 and 3. The Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) recommend that owners of SOHO routers power cycle (reboot) SOHO routers and networked devices to temporarily disrupt the malware. DHS and […]

        DOJ and FBI

        Information from the Department of Justice (DOJ) and the FBI focused on federal law enforcement, significant cases in the news, and other alerts.

        FBI Top Stories

        • Opioid Takedown
          on April 17, 2019 at 2:05 pm

          As part of the Appalachian Regional Prescription Opioid Strike Force, the FBI joined partner agencies in announcing the largest law enforcement action to date against illegal opioid prescribers. […]

        • The Flying Bank Robber
          on April 15, 2019 at 1:45 pm

          Frank Sprenz, a former Ten Most Wanted Fugitive and prolific criminal who, among other offenses, stole small planes and flew to various cities to evade the law, was arrested 60 years ago this week. […]

        • Bombing Plotters Sentenced
          on April 12, 2019 at 1:18 pm

          Three men were sentenced to federal prison after being convicted of conspiring to use a weapon of mass destruction against Somali immigrants in a Kansas apartment complex. […]

        • Billion-Dollar Bust
          on April 9, 2019 at 12:05 pm

          Thanks to a multi-agency investigation, the FBI and Department of Justice announced charges against 24 defendants who were allegedly part of a $1.2 billion fraud scheme against Medicare—one of the largest in U.S. history. […]

        • A Rapid Deployment Team for Victims
          on April 8, 2019 at 5:51 am

          The FBI’s Victim Services Response Team, a specially trained cadre of victim specialists, agents, and analysts, was established in 2005 to provide support for victims in mass casualty events. […]

        • The Pizza Connection
          on April 5, 2019 at 10:28 am

          Thirty-five years after the bust of a vast, long-running Mafia drug conspiracy that touched four continents, the Pizza Connection case continues to pay dividends for partnerships, policing, and public safety. […]

        • Sexual Assault Kit Initiative
          on April 2, 2019 at 10:07 am

          A nationwide push to test backlogged sexual assault kits is teaching law enforcement about the serial nature of many sexual offenders—and as we mark Sexual Assault Awareness Month, the findings offer important insights into the nation’s most underreported violent crime. […]

        • The First African-American Female Special Agent
          on March 28, 2019 at 7:19 am

          As the FBI celebrates 100 years of African-American special agents and observes Women’s History Month, we remember Sylvia Mathis, the first African-American woman to serve as an FBI agent. […]

        • Operation SaboTor
          on March 26, 2019 at 8:30 am

          The Joint Criminal Opioid and Darknet Enforcement (J-CODE) team is delivering results through coordinated efforts and the commitment of the nation’s law enforcement agencies to address opioid sales on the Darknet. […]

        • The Melissa Virus
          on March 25, 2019 at 10:57 am

          Two decades ago, computer viruses were still relatively new notions to most Americans, but the fast-moving and destructive Melissa virus changed that in a significant way and showed many the darker side of the web. […]

        • FBI Marks 20 Years of Training at the ‘Body Farm’
          on March 20, 2019 at 12:00 pm

          For two decades, members of the FBI's Evidence Response Teams have trained on properly excavating burial sites at the Anthropology Research Facility in Knoxville, Tennessee. […]

        • Flooring Company Fined
          on March 18, 2019 at 12:56 pm

          A company that was investigated for making false statements regarding the levels of formaldehyde in its laminate flooring products has agreed to pay a $33 million penalty for securities fraud. […]

        • Mortgage Fraud
          on March 15, 2019 at 11:55 am

          A real estate fraudster who targeted victims with limited English proficiency was sentenced for swindling homeowners and would-be homeowners out of more than $1 million. […]

        • ‘Remember This Day’
          on March 13, 2019 at 11:03 am

          FBI Director Christopher Wray has made a visit to the National September 11 Memorial & Museum in New York City a required part of the curriculum for all new special agent and intelligence analyst trainees. […]

        • Ex-Director Foils Scam
          on March 7, 2019 at 12:38 pm

          Former FBI Director William Webster discusses being the target of a Jamaican lottery scam and his role in the ensuing investigation that led to his fraudster’s arrest and conviction. […]

        Kidnappings and Missing Persons

        • 2019 Preliminary Data on Law Enforcement Officer Deaths Available
          on April 16, 2019 at 8:00 am

          The FBI’s Law Enforcement Officers Killed and Assaulted Program frequently updates the preliminary data on officer deaths for the current year on its webpage on fbi.gov. […]

        • NIBRS: 30 FAQs
          on April 3, 2019 at 7:43 am

          The UCR Program will transition from the Summary Reporting System to the National Incident Based Reporting System by January 1, 2021. The CJIS Division has compiled a list of 30 frequently asked questions you may have about the transition. […]

        • 2018 Preliminary Semiannual Uniform Crime Report Released
          on March 19, 2019 at 1:32 pm

          The 2018 Preliminary Semiannual Uniform Crime Report, released February 26, shows declines in both violent crime and property crime in the first half of 2018. […]

        • N-DEx System Helps Investigators Outwit Offenders
          on March 6, 2019 at 2:50 pm

          The FBI’s National Data Exchange (N-DEx) System proves instrumental in helping officers identify and locate probation absconders, felony warrant subjects, and a violent gang member. […]

        • CJIS Division: 2018 Year in Review
          on February 19, 2019 at 3:31 pm

          The 2018 Year in Review demonstrates the CJIS Division’s commitment to provide the best possible tools to help its partners fight crime and terrorism. […]

        • 2017 NIBRS Crime Data Released
          on February 5, 2019 at 1:20 pm

          The FBI released information on more than 6 million criminal offenses submitted to its National Incident-Based Reporting System last year, as law enforcement continues transitioning to the more robust system. […]

        • FBI Announces Launch of National Use-Of-Force Data Collection
          on December 11, 2018 at 2:13 pm

          The official launch of the National Use-of-Force Data Collection, which offers a comprehensive view of use-of-force incidents, will take place on January 1, 2019. […]

        • National Instant Criminal Background Check System Celebrates 20 Years of Service
          on November 30, 2018 at 9:10 am

          For two decades, the National Instant Criminal Background Check System (NICS) has been ascertaining a person’s eligibility under law to receive or possess a firearm. […]

        • 2017 Hate Crime Statistics Released
          on November 27, 2018 at 4:15 pm

          The number of hate crime incidents reported to the FBI increased about 17 percent in 2017 compared with the previous year, according to the Uniform Crime Reporting Program’s annual Hate Crime Statistics report. […]

        • N-DEx Helps Sheriff’s Office Locate Two Felons
          on November 7, 2018 at 12:12 pm

          The FBI’s National Data Exchange (N-DEx) System was instrumental in helping the Troup County Sheriff's Office in Georgia locate two wanted felons. […]

        • N-DEx Links Kidnapper to Larger Human Trafficking Case
          on October 23, 2018 at 4:29 pm

          A U.S. Customs and Border Protection officer in Virginia used the FBI’s N-DEx System to help identify an unknown kidnapping suspect who became part of a larger human trafficking investigation. […]

        • 2017 Crime Statistics Released
          on September 26, 2018 at 6:26 am

          Both violent crime and property crime declined in 2017 when compared with 2016 data, according to the FBI’s annual Crime in the United States report. […]

        • Second Installment of LEOKA Released
          on September 11, 2018 at 8:25 am

          The second installment of Law Enforcement Officers Killed and Assaulted, 2017, was released on July 30 and includes statistics about officers assaulted in the line of duty. […]

        • N-DEx Helps Catch Tennessee Absconders
          on August 28, 2018 at 6:56 pm

          The FBI’s National Data Exchange (N-DEx) System is instrumental in helping the Tennessee Department of Corrections locate probation and parole absconders. […]

        • CJIS Link
          on June 2, 2016 at 10:12 am

          The CJIS Link is a publication that tells our partners about new services and system capabilities, as well as relevant changes in policy. […]

        FBI Intelligence