Amdall Gallery

Original release date: January 24, 2019 | Last revised: February 13, 2019Summary The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), is aware of a global Domain Name System (DNS) infrastructure hijacking campaign. Using compromised credentials, an attacker can modify the location to which an organization’s domain name resources resolve. This enables the attacker to redirect user traffic to attacker-controlled infrastructure and obtain valid encryption certificates for an organization’s domain names, enabling man-in-the-middle attacks.See the following links for downloadable copies of open-source indicators of compromise (IOCs) from the sources listed in the References section below:IOCs (.csv)IOCs (.stix)Note: these files were last updated February 13, 2019, to remove the following three non-malicious IP […]

Original release date: December 03, 2018Summary The Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) and the Federal Bureau of Investigation (FBI) are issuing this activity alert to inform computer network defenders about SamSam ransomware, also known as MSIL/Samas.A. Specifically, this product shares analysis of vulnerabilities that cyber actors exploited to deploy this ransomware. In addition, this report provides recommendations for prevention and mitigation.The SamSam actors targeted multiple industries, including some within critical infrastructure. Victims were located predominately in the United States, but also internationally. Network-wide infections against organizations are far more likely to garner large ransom payments than infections of individual systems. Organizations that provide essential functions have a critical need to resume operations quickly and are more likely to pay larger ransoms.The actors […]

Original release date: November 27, 2018Systems Affected Microsoft Windows Overview This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). DHS and FBI are releasing this TA to provide information about a major online ad fraud operation—referred to by the U.S. Government as "3ve"—involving the control of over 1.7 million unique Internet Protocol (IP) addresses globally, when sampled over a 10-day window. Description Online advertisers desire premium websites on which to publish their ads and large numbers of visitors to view those ads. 3ve created fake versions of both (websites and visitors), and funneled the advertising revenue to cyber criminals. 3ve obtained control over 1.7 million unique IPs by leveraging victim computers infected with Boaxxe/Miuref and Kovter malware, as well as Border […]

Original release date: October 11, 2018Summary This report is a collaborative research effort by the cyber security authorities of five nations: Australia, Canada, New Zealand, the United Kingdom, and the United States.[1][2][3][4][5]In it we highlight the use of five publicly available tools, which have been used for malicious purposes in recent cyber incidents around the world. The five tools are:Remote Access Trojan: JBiFrostWebshell: China ChopperCredential Stealer: MimikatzLateral Movement Framework: PowerShell EmpireC2 Obfuscation and Exfiltration: HUC Packet TransmitterTo aid the work of network defenders and systems administrators, we also provide advice on limiting the effectiveness of these tools and detecting their use on a network.The individual tools we cover in this report are limited examples of the types of tools used by threat actors. You should not consider this an exhaustive list when planning your network defense.Tools and techniques for exploiting networks […]

Original release date: October 03, 2018Systems Affected Network Systems Overview The National Cybersecurity and Communications Integration Center (NCCIC) is aware of ongoing APT actor activity attempting to infiltrate the networks of global managed service providers (MSPs). Since May 2016, APT actors have used various tactics, techniques, and procedures (TTPs) for the purposes of cyber espionage and intellectual property theft. APT actors have targeted victims in several U.S. critical infrastructure sectors, including Information Technology (IT), Energy, Healthcare and Public Health, Communications, and Critical Manufacturing.This Technical Alert (TA) provides information and guidance to assist MSP customer network and system administrators with the detection of malicious activity on their networks and systems and the mitigation of associated risks. This TA includes an overview of TTPs used by APT actors in MSP network environments, recommended mitigation […]

Original release date: October 03, 2018Systems Affected Network Systems Overview This technical alert addresses the exploitation of trusted network relationships and the subsequent illicit use of legitimate credentials by Advanced Persistent Threat (APT) actors. It identifies APT actors' tactics, techniques, and procedures (TTPs) and describes the best practices that could be employed to mitigate each of them. The mitigations for each TTP are arranged according to the National Institute of Standards and Technology (NIST) Cybersecurity Framework core functions of Protect, Detect, Respond, and Recover. Description APT actors are using multiple mechanisms to acquire legitimate user credentials to exploit trusted network relationships in order to expand unauthorized access, maintain persistence, and exfiltrate data from targeted organizations. Suggested best practices for administrators to mitigate this threat include auditing credentials, […]

Original release date: October 02, 2018 | Last revised: December 21, 2018Systems Affected Retail Payment Systems Overview This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS), the Department of the Treasury (Treasury), and the Federal Bureau of Investigation (FBI). Working with U.S. government partners, DHS, Treasury, and FBI identified malware and other indicators of compromise (IOCs) used by the North Korean government in an Automated Teller Machine (ATM) cash-out scheme—referred to by the U.S. Government as “FASTCash.” The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA. For more information on HIDDEN COBRA activity, visit https://www.us-cert.gov/hiddencobra.FBI has high confidence that HIDDEN COBRA actors are using the IOCs listed in this report to maintain a presence on victims’ networks to enable network exploitation. […]

Original release date: July 20, 2018Systems Affected Network Systems Overview Emotet is an advanced, modular banking Trojan that primarily functions as a downloader or dropper of other banking Trojans. Emotet continues to be among the most costly and destructive malware affecting state, local, tribal, and territorial (SLTT) governments, and the private and public sectors.This joint Technical Alert (TA) is the result of Multi-State Information Sharing & Analysis Center (MS-ISAC) analytic efforts, in coordination with the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC). Description Emotet continues to be among the most costly and destructive malware affecting SLTT governments. Its worm-like features result in rapidly spreading network-wide infection, which are difficult to combat. Emotet infections have cost SLTT governments up to $1 million per incident to remediate.Emotet is an […]

Original release date: May 29, 2018 | Last revised: May 31, 2018Systems Affected Network systems Overview This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). Working with U.S. government partners, DHS and FBI identified Internet Protocol (IP) addresses and other indicators of compromise (IOCs) associated with two families of malware used by the North Korean government:a remote access tool (RAT), commonly known as Joanap; anda Server Message Block (SMB) worm, commonly known as Brambul.The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA. For more information on HIDDEN COBRA activity, visit https://www.us-cert.gov/hiddencobra.FBI has high confidence that HIDDEN COBRA actors are using the IP addresses—listed in this report’s IOC files—to maintain a presence on victims’ networks and […]

Original release date: May 25, 2018 | Last revised: June 07, 2018Systems Affected Small office/home office (SOHO) routersNetworked devicesNetwork-attached storage (NAS) devicesOverview Cybersecurity researchers have identified that foreign cyber actors have compromised hundreds of thousands of home and office routers and other networked devices worldwide [1] [2] [3]. The actors used VPNFilter malware to target small office/home office (SOHO) routers. VPNFilter malware uses modular functionality to collect intelligence, exploit local area network (LAN) devices, and block actor-configurable network traffic. Specific characteristics of VPNFilter have only been observed in the BlackEnergy malware, specifically BlackEnergy versions 2 and 3.The Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) recommend that owners of SOHO routers power cycle (reboot) SOHO routers and networked devices to temporarily disrupt the malware.DHS and […]

This year marks the 100th anniversary of African-American special agents in the FBI, and we honor the countless contributions these agents have made over the last century in making the Bureau stronger and the nation safer. […]

A former U.S. Air Force intelligence specialist has been charged with espionage on behalf of Iran in an indictment that also charges four Iranians with a cyber campaign targeting U.S. intelligence personnel. […]

A company founder who drew investors into the emerging market of digital currencies with false claims—ultimately defrauding them of more than $9 million—will be spending time in prison. […]

A prominent New York gallery owner is spending time behind bars for his role in an elaborate scheme to defraud art dealers and collectors out of millions of dollars. […]

Through strong partnerships with Georgia Tech and Malaysian authorities, the FBI brought to justice two hackers who stole from personnel at U.S. colleges and universities. […]

January marks National Slavery and Human Trafficking Prevention Month, but a recent case illustrates how the FBI works with partners year-round to get traffickers off the streets and help victims rebuild their lives. […]

Chinese telecommunications equipment manufacturing giant Huawei has been charged with bank fraud, wire fraud, conspiracy to defraud the United States, and theft of trade secrets, among other crimes. […]

On the 30th anniversary of the terrorist bombing of Pan Am Flight 103 over Lockerbie, Scotland, family members and officials gathered at Arlington National Cemetery to honor the 270 victims lost in the attack. […]

Two hackers associated with the Chinese government have been indicted for infiltrating numerous companies around the globe as well as U.S. government agencies. […]

Acting as a money mule, or moving illegally acquired funds at the direction of another person, aids the work of criminals and is itself a crime. […]

Thirty years after the terrorist bombing of Pan Am Flight 103 over Lockerbie, Scotland, the FBI and its partners are still actively seeking justice for the 270 victims and their families. […]

The FBI released information on more than 6 million criminal offenses submitted to its National Incident-Based Reporting System last year, as law enforcement continues transitioning to the more robust system. […]

A man who profited from the ransomware known as Reveton, which appropriated the FBI logo to scare victims into paying to unlock computers infected with the malware, will be spending time in prison. […]

A fraudster and his associates who bought credit card numbers online and used them to buy prepaid gift cards and money orders—stealing thousands of dollars in the process—have been sentenced for their crimes. […]

Two Iranian men were indicted in connection with the deployment of the sophisticated and sinister SamSam ransomware that crippled the operations of critical facilities in the U.S. and Canada. […]

Throughout 2019, the FBI will honor the 100-year history of African-American special agents’ service to the FBI and the United States through a coordinated campaign titled Our History, Our Service. […]

The FBI Albany Division has selected Syracuse resident Susan Case DeMari as the recipient of the 2018 Director’s Community Leadership Award. […]

The FBI is seeking the public’s assistance to identify the individual believed to be responsible for three bank robberies in San Diego County. […]

The FBI Washington Field Office seeks assistance from the public to identify a serial bank robber dubbed the Beltway Bank Bandit. […]

James M. Schneider, a Boca Raton attorney, received 84 months’ imprisonment after previously being convicted various fraud charges. […]

John Eastham Clark M.D. of Baton Rouge and his medical billing supervisor, Charlene Anita Severio, pleaded guilty in a scheme to defraud Medicare. […]

Two San Diego physical therapy clinics and their owners paid $450,000 to resolve allegations that they fraudulently billed military health care provider TRICARE. […]

Vital Life Institute LLC and owners Jenny and William Wilkins have agreed to pay at least $775,000 to resolve claims that they violated the False Claims Act. […]

Steven Brown of Chicopee has been sentenced in Springfield for distributing heroin. […]

William M. Bell of St. Joseph has been arrested and indicted on federal child pornography charges. […]

Between the evening hours of Valentine’s Day 2014 and noon the following day, a 75-year-old Counselor, New Mexico man was beaten to death. […]

The FBI and Sandy Springs Police Department are asking for the public’s help in identifying a suspect who robbed a PNC Bank on February 6, 2019. […]

The FBI Sacramento Field Office will host its Spring 2019 FBI Teen Academy at its headquarters in Roseville on Friday, April 12, 2019. […]

The FBI charged Douglas B. Smyser with interfering with a flight crew for disturbing behavior aboard Compass Air flight 6054. […]

Reynaldo Jesus Peralez has been sentenced to 75 months in prison in San Antonio for scheming to defraud investors of over $3.5 million dollars. […]

The FBI released information on more than 6 million criminal offenses submitted to its National Incident-Based Reporting System last year, as law enforcement continues transitioning to the more robust system. […]

The official launch of the National Use-of-Force Data Collection, which offers a comprehensive view of use-of-force incidents, will take place on January 1, 2019. […]

For two decades, the National Instant Criminal Background Check System (NICS) has been ascertaining a person’s eligibility under law to receive or possess a firearm. […]

The number of hate crime incidents reported to the FBI increased about 17 percent in 2017 compared with the previous year, according to the Uniform Crime Reporting Program’s annual Hate Crime Statistics report. […]

The FBI’s National Data Exchange (N-DEx) System was instrumental in helping the Troup County Sheriff's Office in Georgia locate two wanted felons. […]

A U.S. Customs and Border Protection officer in Virginia used the FBI’s N-DEx System to help identify an unknown kidnapping suspect who became part of a larger human trafficking investigation. […]

Both violent crime and property crime declined in 2017 when compared with 2016 data, according to the FBI’s annual Crime in the United States report. […]

The second installment of Law Enforcement Officers Killed and Assaulted, 2017, was released on on July 30 and includes statistics about officers assaulted in the line of duty. […]

The FBI’s National Data Exchange (N-DEx) System is instrumental in helping the Tennessee Department of Corrections locate probation and parole absconders. […]

The CJIS Division’s Special Processing Center (SPC) identified an unknown deceased subject in Ohio after submitting fingerprints to the Department of Homeland Security's IDENT System. […]

The FBI’s National Data Exchange (N-DEx) System helped an investigator in West Virginia identify a previously unknown suspect who participated in the violent attack of a woman in a grocery store parking lot. […]

The CJIS Division’s Special Processing Center used fingerprints to identify the remains of a male victim found in New York City, bringing closure to a cold case that had been open since 1995. […]

The National Incident-Based Reporting System (NIBRS), a more detailed and comprehensive crime reporting system, is replacing the Summary Reporting System (SRS) on January 1, 2021. […]

The UCR Program has begun developing methodology to collect and publish data on police-involved shootings and use of force. […]

The CJIS Link is a publication that tells our partners about new services and system capabilities, as well as relevant changes in policy. […]

During World War II, Argentina was a hotbed of intrigue and proved to be a tough environment for […]

During a meeting of intelligence and national security leaders, FBI Director Christopher Wray […]

The FBI's Weapons of Mass Destruction Directorate was established 10 years ago and today serves as […]

New collaborative program at FBI Academy integrates agents and intelligence analysts. […]

Director Comey joined Director of National Intelligence Clapper and several other Intelligence […]

The FBI vigilantly investigates cases of industrial espionage and theft of intellectual property, […]

Standing outside the White House on a sunny day in May 1955, President Dwight Eisenhower smiled as […]

Economic espionage is a significant threat to our country’s economic health and security. […]

Investigating financial crime is like working a puzzle—you have to fit all of the pieces of […]

At the National Virtual Translation Center’s offices near FBI Headquarters in Washington […]