Threats
Note: Most of my RSS feeds on this page are currently broken. Sorry about that. Please consider the “Threats” section under construction for now.
Department of State
The Dept of State has several threat RSS feeds, but they aren’t always up.
- We recently redesigned State.gov and are in the process of re-enabling RSS (Really Simple Syndication) feeds. (on April 12, 2021 at 10:43 am)
As in the past, you will be able to choose from several Department of State RSS feeds to get the latest news from the Department delivered directly to your desktop via an RSS reader or news aggregator. Or sign up to get updates via our email subscription service.
DHS
Threat information from the Department of Homeland Security (DHS), including the National Terrorism Advisory System and Cybersecurity alerts.
National Terrorism Advisory System (NTAS) Alerts
- Feed has no items.
Cybersecurity
- AA21-077A: Detecting Post-Compromise Threat Activity Using the CHIRP IOC Detection Tool (by CISA on March 18, 2021 at 6:00 pm)
Original release date: March 18, 2021 | Last revised: April 9, 2021. Summary: This Alert announces the CISA Hunt and Incident Response Program (CHIRP) tool. CHIRP is a forensics collection tool that CISA developed to help network defenders find indicators of compromise (IOCs) associated with activity detailed in the following CISA Alerts: AA20-352A: Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations, which primarily focuses on an advanced persistent threat (APT) actor’s compromise of SolarWinds Orion products affecting U.S. government agencies, critical infrastructure entities, and private network organizations. AA21-008A: Detecting Post-Compromise Threat Activity in Microsoft Cloud Environments, which addresses APT activity within Microsoft 365/Azure environments and offers an overview of—and guidance on—available open-source tools. The Alert includes the CISA-developed Sparrow tool that helps network defenders […]
- AA21-076A: TrickBot Malware (by CISA on March 17, 2021 at 3:00 pm)
Original release date: March 17, 2021 | Last revised: March 24, 2021. Summary: This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques. The Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) have observed continued targeting through spearphishing campaigns using TrickBot malware in North America. A sophisticated group of cybercrime actors is luring victims, via phishing emails, with a traffic infringement phishing scheme to download TrickBot. TrickBot—first identified in 2016—is a Trojan developed and operated by a sophisticated group of cybercrime actors. Originally designed as a banking Trojan to steal financial data, TrickBot has evolved into highly modular, multi-stage malware that provides its operators a full suite of tools to conduct a myriad of illegal cyber activities. To secure against […]
- AA21-062A: Mitigate Microsoft Exchange Server Vulnerabilities (by CISA on March 3, 2021 at 6:12 pm)
Original release date: March 3, 2021 | Last revised: March 31, 2021. Summary: Note: This Alert was updated March 25, 2021, to provide further guidance. Cybersecurity and Infrastructure Security (CISA) partners have observed active exploitation of vulnerabilities in Microsoft Exchange Server products. Successful exploitation of these vulnerabilities allows an unauthenticated attacker to execute arbitrary code on vulnerable Exchange Servers, enabling the attacker to gain persistent system access, as well as access to files and mailboxes on the server and to credentials stored on that system. Successful exploitation may additionally enable the attacker to compromise trust and identity in a vulnerable network. Microsoft released out-of-band patches to address vulnerabilities in Microsoft Exchange Server. The vulnerabilities impact on-premises Microsoft Exchange Servers and are not known to impact Exchange Online or Microsoft 365 (formerly O365) cloud email services. This Alert includes […]
- AA21-055A: Exploitation of Accellion File Transfer Appliance (by CISA on February 24, 2021 at 2:00 pm)
Original release date: February 24, 2021 | Last revised: February 25, 2021. Summary: This joint advisory is the result of a collaborative effort by the cybersecurity authorities of Australia,[1] New Zealand,[2] Singapore,[3] the United Kingdom,[4] and the United States.[5][6] These authorities are aware of cyber actors exploiting vulnerabilities in Accellion File Transfer Appliance (FTA).[7] This activity has impacted organizations globally, including those in Australia, New Zealand, Singapore, the United Kingdom, and the United States. Worldwide, actors have exploited the vulnerabilities to attack multiple federal and state, local, tribal, and territorial (SLTT) government organizations as well as private industry organizations including those in the medical, legal, telecommunications, finance, and energy sectors. According to Accellion, this activity involves attackers leveraging four vulnerabilities to target FTA customers.[8] In one incident, an attack on an SLTT organization […]
- AA21-048A: AppleJeus: Analysis of North Korea’s Cryptocurrency Malware (by CISA on February 17, 2021 at 4:00 pm)
Original release date: February 17, 2021 | Last revised: March 2, 2021. Summary: This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques. This joint advisory is the result of analytic efforts among the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Treasury (Treasury) to highlight the cyber threat to cryptocurrency posed by North Korea, formally known as the Democratic People’s Republic of Korea (DPRK), and provide mitigation recommendations. Working with U.S. government partners, FBI, CISA, and Treasury assess that Lazarus Group—which these agencies attribute to North Korean state-sponsored advanced persistent threat (APT) actors—is targeting individuals and companies, including cryptocurrency exchanges and financial service companies, through the dissemination of […]
- AA21-042A: Compromise of U.S. Water Treatment Facility (by CISA on February 11, 2021 at 7:15 pm)
Original release date: February 11, 2021 | Last revised: February 12, 2021. Summary: On February 5, 2021, unidentified cyber actors obtained unauthorized access to the supervisory control and data acquisition (SCADA) system at a U.S. drinking water treatment facility. The unidentified actors used the SCADA system’s software to increase the amount of sodium hydroxide, also known as lye, a caustic chemical, as part of the water treatment process. Water treatment plant personnel immediately noticed the change in dosing amounts and corrected the issue before the SCADA system’s software detected the manipulation and alarmed due to the unauthorized change. As a result, the water treatment process remained unaffected and continued to operate as normal. The cyber actors likely accessed the system by exploiting cybersecurity weaknesses, including poor password security, and an outdated operating system. Early information indicates it is possible that a desktop sharing software, such as […]
- AA21-008A: Detecting Post-Compromise Threat Activity in Microsoft Cloud Environments (by CISA on January 8, 2021 at 4:36 pm)
Original release date: January 8, 2021 | Last revised: April 8, 2021. Summary: This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques. This Alert is a companion alert to AA20-352A: Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations. AA20-352A primarily focuses on an advanced persistent threat (APT) actor’s compromise of SolarWinds Orion products as an initial access vector into networks of U.S. Government agencies, critical infrastructure entities, and private network organizations. As noted in AA20-352A, the Cybersecurity and Infrastructure Security Agency (CISA) has evidence of initial access vectors in addition to the compromised SolarWinds Orion products. This Alert also addresses activity—irrespective of the initial access vector leveraged—that CISA attributes to an […]
- AA20-352A: Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations (by CISA on December 17, 2020 at 3:00 pm)
Original release date: December 17, 2020 | Last revised: February 8, 2021. Summary: The Cybersecurity and Infrastructure Security Agency (CISA) is aware of compromises of U.S. government agencies, critical infrastructure entities, and private sector organizations by an advanced persistent threat (APT) actor beginning in at least March 2020. This APT actor has demonstrated patience, operational security, and complex tradecraft in these intrusions. CISA expects that removing this threat actor from compromised environments will be highly complex and challenging for organizations. (Updated January 6, 2021): One of the initial access vectors for this activity is a supply chain compromise of a Dynamic Link Library (DLL) in the following SolarWinds Orion products (see Appendix A). Note: prior versions of this Alert included a single bullet that listed two platform versions for the same DLL. For clarity, the Alert now lists these platform versions that share the same DLL version number […]
- AA20-345A: Cyber Actors Target K-12 Distance Learning Education to Cause Disruptions and Steal Data (by CISA on December 10, 2020 at 5:00 pm)
Original release date: December 10, 2020. Summary: This Joint Cybersecurity Advisory was coauthored by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC). The FBI, CISA, and MS-ISAC assess malicious cyber actors are targeting kindergarten through twelfth grade (K-12) educational institutions, leading to ransomware attacks, the theft of data, and the disruption of distance learning services. Cyber actors likely view schools as targets of opportunity, and these types of attacks are expected to continue through the 2020/2021 academic year. These issues will be particularly challenging for K-12 schools that face resource limitations; therefore, educational leadership, information technology personnel, and security personnel will need to balance this risk when determining their cybersecurity investments. Technical Details: As of […]
- AA20-336A: Advanced Persistent Threat Actors Targeting U.S. Think Tanks (by CISA on December 1, 2020 at 6:00 pm)
Original release date: December 1, 2020. Summary: This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques. The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have observed persistent continued cyber intrusions by advanced persistent threat (APT) actors targeting U.S. think tanks. This malicious activity is often, but not exclusively, directed at individuals and organizations that focus on international affairs or national security policy.[1] The following guidance may assist U.S. think tanks in developing network defense procedures to prevent or rapidly detect these attacks. APT actors have relied on multiple avenues for initial access. These have included low-effort capabilities such as spearphishing emails and third-party message services directed at both corporate and personal accounts, as […]
DOJ and FBI
Information from the Department of Justice (DOJ) and the FBI focused on federal law enforcement, significant cases in the news, and other alerts.
FBI Top Stories
- InfraGard Marks 25 Years of Protecting the Country’s Critical Infrastructure (on April 9, 2021 at 10:00 am)
From a small group that started in 1996 to an organization more than 75,000 strong today, InfraGard brings together representatives from the private and public sectors to help protect our nation’s critical infrastructure from attacks.
- Stopping Public Corruption (on April 7, 2021 at 6:00 am)
A Philadelphia city employee who was supposed to be ferreting out corruption and mismanagement is now serving a federal prison sentence for using his official position to solicit and accept bribes.
- The Unabomber Case 25 Years Later (on April 2, 2021 at 7:00 am)
A quarter-century ago, FBI agents raided the Montana cabin of Theodore Kaczynski after his writings were used to identify him as the elusive serial bomber who conducted a years-long reign of terror that left three dead and nearly two dozen injured.
- Change Agents: Women’s History Month 2021 (on March 25, 2021 at 7:00 am)
Women in the FBI don't just break down doors—they break barriers and make change. Learn more about some of the women in FBI leadership and how they are making a difference every day.
- Cryptocurrencies a Growing Target of Theft (on March 11, 2021 at 12:00 pm)
Recent charges against North Korean hackers show cyber criminals are increasingly targeting virtual currency markets and exchanges.
- Concert Promoter Sentenced for Ponzi Scheme (on March 3, 2021 at 6:00 am)
A smooth talking concert promoter told investors he could make them rich. But instead, he and an associate swindled their victims out of more than $20 million—and are now serving prison time.
- Moving the Diversity Needle (on February 26, 2021 at 9:00 am)
Assistant Director A. Tonya Odom, who served for eight years as the FBI’s first chief diversity officer, looks back on her role as the leading advocate for diversity and inclusion at the Bureau.
- Honoring Our Fallen Agents (on February 8, 2021 at 8:35 am)
Memorial services were held in Florida to honor the lives of FBI Special Agents Laura Schwartzenberger and Daniel Alfin, who were killed in the line of duty February 2, 2021. We will always remember their ultimate sacrifice.
- Emotet Malware Disrupted (on February 1, 2021 at 9:16 am)
The FBI worked alongside foreign law enforcement and private sector partners in an innovative, coordinated effort to take down a destructive malware known as Emotet.
- Investment Fraudster Sentenced (on January 27, 2021 at 6:00 am)
A man who pretended to be an accountant and lawyer defrauded an unsuspecting family out of more than $700,000—and is now spending time behind bars.
- New Reward in Boston Chinatown Massacre Case (on January 12, 2021 at 11:00 am)
The FBI and Boston Police are hoping a $30,000 reward will shed light on the whereabouts of a suspect in the execution-style murders of five men 30 years ago.
- Stopping Human Trafficking (on January 11, 2021 at 6:00 am)
The recent disruption of a Washington, D.C.-area trafficking ring shows the FBI's commitment to stopping human traffickers—during National Slavery and Human Trafficking Prevention Month and all year long.
- Hacker Who Disrupted PPE Shipments Sentenced (on January 6, 2021 at 6:00 am)
A disgruntled former employee of a medical equipment packaging company was sentenced for hacking into the company’s computer systems and disrupting the shipment of personal protective equipment during the COVID-19 pandemic.
- Innocent Images Program Marks 25 Years (on December 28, 2020 at 8:00 am)
When a 1990s kidnapping case led FBI agents to individuals who were using the internet to share images of child sexual abuse and lure children into harm, it launched a revolution in how the FBI investigates these crimes.
- New Charges in Pan Am Flight 103 Bombing (on December 21, 2020 at 11:00 am)
Thirty-two years after the terrorist bombing of a Pan Am jet over Scotland killed 270 people, including 190 Americans, charges have been filed against a former Libyan intelligence operative for his alleged role in building the bomb.
- Truxton Woman Sentenced to 31 Months for Arson (on April 9, 2021 at 12:38 pm)
Angelica Nebria Malena Chalepah of Truxton, Arizona, was sentenced to 31 months in prison, followed by three years of supervised release, for arson.
- FBI Releases 2020 Internet Crime Report (on April 9, 2021 at 11:53 am)
The FBI’s Internet Crime Complaint Center (IC3) has released its annual report, which includes information from 791,790 complaints of suspected Internet crime.
- FBI Offers Reward for Information in Laser Strike Incident (on April 9, 2021 at 10:46 am)
The FBI, in coordination with the U.S. Air Force, is offering a reward for information leading to the arrest of the suspect(s) responsible for a laser strike on an aircraft.
- Seventh Member of MS-13 Criminal Enterprise Indicted for Murder (on April 9, 2021 at 8:36 am)
Another member of the violent international street gang Mara Salvatrucha (MS-13) is set to appear in federal court for his alleged role in a 2018 murder.
- Three Family Members Sentenced for Health Care Fraud Schemes Targeting Veterans (on April 8, 2021 at 5:05 pm)
Brothers Mehran David Kohanbash and Joseph Kohan, and their nephew, Nima Rodefshalom, have been sentenced for their roles in an elaborate fraud scheme.
- Florida Man Sentenced to 35 Years in Federal Prison for Four Armed Robberies (on April 8, 2021 at 5:03 pm)
John Armstrong has been sentenced for two bank robberies, an attempted bank robbery, a Hobbs Act robbery, and three counts of brandishing a firearm during a crime of violence.
- Illinois Man Sentenced in Pittsburgh to Four Years for Aggravated ID Theft Scheme Involving High-End Vehicles (on April 8, 2021 at 5:00 pm)
Michael W. Decker, a resident of the state of Illinois, has been sentenced to four years in prison on his conviction of aggravated identity theft and conspiracy.
- FBI Offers $20,000 Reward for Information on Arson and Possession of a Destructive Device (on April 8, 2021 at 4:56 pm)
The FBI’s Seattle Field Office, ATF, and the Seattle Police Department are investigating an arson which occurred on August 24, 2020, at 11 p.m.
- Law Enforcement Partnerships Make Significant Impact on 2016 MS-13 Gang Related Murder Investigation (on April 8, 2021 at 4:53 pm)
Officials announced the convictions of subjects responsible for the 2016 murder of Clemente Jimenez-Lopez.
- Grosse Pointe Park Man Arrested in Scheme to Steal Funds from Religious Charity (on April 8, 2021 at 4:30 pm)
John R. Lynch, a Grosse Pointe Park resident, has been arrested in connection with a federal criminal complaint charging him with embezzlement and related charges.
- Wilkes-Barre Man Sentenced to 87 Months’ Imprisonment for Drug Trafficking and Firearms Offenses (on April 8, 2021 at 4:10 pm)
Jose Luis Vazques of Stroudsburg, Pennsylvania, has been sentenced to 87 months’ imprisonment for drug trafficking and firearms charges.
- Raul Bujanda Named Special Agent in Charge of the Albuquerque Field Office (on April 8, 2021 at 3:32 pm)
Director Christopher Wray has named Raul Bujanda as the special agent in charge of the Albuquerque Field Office in New Mexico.
- CARES Act Fraud Investigations Identify 23 Individuals Targeting 31 Million Dollars (on April 8, 2021 at 3:31 pm)
Officials publicly updated information on criminal investigations and prosecutions involving COVID-19 pandemic fraud.
- Kyle Man Found Guilty of Sexual Abuse of a Minor (on April 8, 2021 at 3:27 pm)
Charles Good Voice Elk has been found guilty of sexual abuse and sexual abuse of a minor following a federal jury trial in Rapid City, South Dakota.
- FBI/New York Police Department Search for Armed Robbers, Offer Reward for Information (on April 8, 2021 at 3:22 pm)
The FBI/New York Police Department Joint Major Theft Task Force is seeking assistance in finding a man wanted in connection with several robberies in the Bronx.
Kidnappings and Missing Persons
- Mobile Biometric App Helps FBI Assist Law Enforcement Partners (on March 30, 2021 at 7:00 am)
The FBI uses biometric tools to help law enforcement partners identify victims and further their investigations.
- CJIS Division: 2020 Year in Review (on February 2, 2021 at 6:00 am)
The 2020 CJIS Division Year in Review highlights the support CJIS provides to law enforcement partners.
- Hate Crime Data Helps Law Enforcement Address Threat (on January 19, 2021 at 6:00 am)
The FBI collects hate crime statistics to help law enforcement target their resources to address these crimes.
- FBI Releases 2019 NIBRS Crime Data (on December 22, 2020 at 6:00 am)
The FBI has released its annual National Incident-Based Reporting System (NIBRS) crime statistics for 2019.
- NCIC Helps Alaska Police Find Missing Person in Hawaii (on November 24, 2020 at 5:00 am)
NCIC helped a family in Alaska learn the whereabouts of their missing relative.
- Uniform Crime Reporting: Still Vital After 90 Years (Part 2) (on November 10, 2020 at 6:00 am)
The Uniform Crime Reporting Program has been providing the country with crime statistics for 90 years.
- FBI Releases Second Installment of LEOKA 2019 (on October 27, 2020 at 6:00 am)
The second installment of the Law Enforcement Officers Killed and Assaulted, 2019 report includes data on law enforcement officers assaulted in the line of duty last year.
- FBI Releases 2019 Crime Statistics (on October 1, 2020 at 6:00 am)
The FBI released the 2019 edition of Crime in the United States on September 28, 2020.
- FBI Releases 2019 Participation Data for the National Use-of-Force Data Collection (on August 18, 2020 at 6:00 am)
More than 5,000 federal, state, local, and tribal law enforcement agencies submitted use-of-force data to the National Use-of-Force Data Collection for 2019.
- Are You Ready? The Countdown to NIBRS (on August 4, 2020 at 6:00 am)
On January 1, 2021, the FBI will retire SRS in a major initiative to upgrade and update the nation’s crime statistics.
- Uniform Crime Reporting Program: Still Vital After 90 Years (on June 23, 2020 at 6:45 am)
The Uniform Crime Reporting Program has been providing the country with crime statistics for 90 years.
- Nation’s Law Enforcement Agencies Transition to NIBRS Crime Reporting System (on March 3, 2020 at 6:30 am)
Law enforcement agencies’ transitions to National Incident-Based Reporting System will improve quality of the nation’s crime data.
- CJIS Division: 2019 Year in Review (on February 18, 2020 at 6:00 am)
The 2019 Criminal Justice Information Services Division's Year in Review highlights the division's commitment to provide the best possible tools for its law enforcement partners.
- How Can NIBRS Help Colleges and Universities? (on January 21, 2020 at 6:00 am)
The FBI and its law enforcement partners developed the National Incident-Based Reporting System (NIBRS) to provide more detailed crime statistics to benefit all law enforcement agencies, including campus law enforcement.
- CJIS Link (on June 2, 2016 at 10:12 am)
The CJIS Link is a publication that tells our partners about new services and system capabilities, as well as relevant changes in policy.
FBI Intelligence
- Feed has no items.