Threats

Note: Most of my RSS feeds on this page are currently broken. Sorry about that. Please consider the “Threats” section under construction for now.

Department of State

The Department of State publishes several threat RSS feeds, but they are not always available.

DHS

Threat information from the Department of Homeland Security (DHS), including the National Terrorism Advisory System and Cybersecurity alerts.

National Terrorism Advisory System (NTAS) Alerts

    Feed has no items.

Cybersecurity

  • AA20-266A: LokiBot Malware
    by CISA on September 22, 2020 at 3:00 pm

    Original release date: September 22, 2020 | Last revised: September 23, 2020. Summary: This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise frameworks for all referenced threat actor techniques. This product was written by the Cybersecurity and Infrastructure Security Agency (CISA) with contributions by the Multi-State Information Sharing & Analysis Center (MS-ISAC). CISA has observed a notable increase in the use of LokiBot malware by malicious cyber actors since July 2020. Throughout this period, CISA’s EINSTEIN Intrusion Detection System, which protects federal, civilian executive branch networks, has detected persistent malicious LokiBot activity. LokiBot uses a credential- and information-stealing malware, often sent as a malicious attachment and known for being simple, yet effective, making it an attractive tool for a broad range of cyber actors across a wide variety of data compromise use […]

  • AA20-259A: Iran-Based Threat Actor Exploits VPN Vulnerabilities
    by CISA on September 15, 2020 at 4:00 pm

    Original release date: September 15, 2020. Summary: This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques. This product was written by the Cybersecurity and Infrastructure Security Agency (CISA) with contributions from the Federal Bureau of Investigation (FBI). CISA and FBI are aware of an Iran-based malicious cyber actor targeting several U.S. federal agencies and other U.S.-based networks. Analysis of the threat actor’s indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) indicates a correlation with the group known by the names Pioneer Kitten and UNC757. This threat actor has been observed exploiting several publicly known Common Vulnerabilities and Exposures (CVEs) dealing with Pulse Secure virtual private network (VPN), Citrix NetScaler, and F5 vulnerabilities. This threat actor used these vulnerabilities to gain […]

  • AA20-258A: Chinese Ministry of State Security-Affiliated Cyber Threat Actor Activity
    by CISA on September 14, 2020 at 1:00 pm

    Original release date: September 14, 2020. Summary: The Cybersecurity and Infrastructure Security Agency (CISA) has consistently observed Chinese Ministry of State Security (MSS)-affiliated cyber threat actors using publicly available information sources and common, well-known tactics, techniques, and procedures (TTPs) to target U.S. Government agencies. CISA has observed these—and other threat actors with varying degrees of skill—routinely using open-source information to plan and execute cyber operations. CISA leveraged the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) and Pre-ATT&CK frameworks to characterize the TTPs used by Chinese MSS-affiliated actors. This product was written by CISA with contributions by the Federal Bureau of Investigation (FBI). Key Takeaways: Chinese MSS-affiliated cyber threat actors use open-source information to plan and conduct cyber operations. Chinese MSS-affiliated cyber threat actors use readily available exploits […]

  • AA20-245A: Technical Approaches to Uncovering and Remediating Malicious Activity
    by CISA on September 1, 2020 at 12:30 pm

    Original release date: September 1, 2020 | Last revised: September 24, 2020. Summary: This joint advisory is the result of a collaborative research effort by the cybersecurity authorities of five nations: Australia,[1] Canada,[2] New Zealand,[3][4] the United Kingdom,[5] and the United States.[6] It highlights technical approaches to uncovering malicious activity and includes mitigation steps according to best practices. The purpose of this report is to enhance incident response among partners and network administrators along with serving as a playbook for incident investigation. Key Takeaways: When addressing potential incidents and applying best practice incident response procedures: First, collect and remove for further analysis: relevant artifacts, logs, and data. Next, implement mitigation steps that avoid tipping off the adversary that their presence in the network has been discovered. Finally, consider soliciting incident response support from a third-party IT security […]

  • AA20-239A: FASTCash 2.0: North Korea's BeagleBoyz Robbing Banks
    by CISA on August 26, 2020 at 2:17 pm

    Original release date: August 26, 2020 | Last revised: September 3, 2020. Summary: This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques. This joint advisory is the result of analytic efforts among the Cybersecurity and Infrastructure Security Agency (CISA), the Department of the Treasury (Treasury), the Federal Bureau of Investigation (FBI) and U.S. Cyber Command (USCYBERCOM). Working with U.S. government partners, CISA, Treasury, FBI, and USCYBERCOM identified malware and indicators of compromise (IOCs) used by the North Korean government in an automated teller machine (ATM) cash-out scheme—referred to by the U.S. Government as “FASTCash 2.0: North Korea's BeagleBoyz Robbing Banks.” CISA, Treasury, FBI, and USCYBERCOM highlight the cyber threat posed by North Korea—formally known as the Democratic People’s Republic of Korea (DPRK)—and […]

  • AA20-227A: Phishing Emails Used to Deploy KONNI Malware
    by CISA on August 14, 2020 at 12:59 pm

    Original release date: August 14, 2020. Summary: This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques. The Cybersecurity and Infrastructure Security Agency (CISA) has observed cyber actors using emails containing a Microsoft Word document with a malicious Visual Basic Application (VBA) macro code to deploy KONNI malware. KONNI is a remote administration tool (RAT) used by malicious cyber actors to steal files, capture keystrokes, take screenshots, and execute arbitrary code on infected hosts. Technical Details: KONNI malware is often delivered via phishing emails as a Microsoft Word document with a malicious VBA macro code (Phishing: Spearphishing Attachment [T1566.001]). The malicious code can change the font color from light grey to black (to fool the user to enable content), check if the Windows operating system is a 32-bit or 64-bit version, and […]

  • AA20-225A: Malicious Cyber Actor Spoofing COVID-19 Loan Relief Webpage via Phishing Emails
    by CISA on August 12, 2020 at 1:49 pm

    Original release date: August 12, 2020 | Last revised: August 14, 2020. Summary: The Cybersecurity and Infrastructure Security Agency (CISA) is currently tracking an unknown malicious cyber actor who is spoofing the Small Business Administration (SBA) COVID-19 loan relief webpage via phishing emails. These emails include a malicious link to the spoofed SBA website that the cyber actor is using for malicious re-directs and credential stealing. Technical Details: CISA analysts observed an unknown malicious cyber actor sending a phishing email to various Federal Civilian Executive Branch and state, local, tribal, and territorial government recipients. The phishing email contains: a subject line, SBA Application – Review and Proceed; a sender, marked as disastercustomerservice@sba[.]gov; text in the email body urging the recipient to click on a hyperlink to address: hxxps://leanproconsulting[.]com.br/gov/covid19relief/sba.gov. The domain resolves to IP address: 162.214.104[.]246. Figure 1 is a […]

  • AA20-209A: Potential Legacy Risk from Malware Targeting QNAP NAS Devices
    by CISA on July 27, 2020 at 12:20 pm

    Original release date: July 27, 2020 | Last revised: August 6, 2020. Summary: This is a joint alert from the United States Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC). CISA and NCSC are investigating a strain of malware known as QSnatch, which attackers used in late 2019 to target Network Attached Storage (NAS) devices manufactured by the firm QNAP. All QNAP NAS devices are potentially vulnerable to QSnatch malware if not updated with the latest security fixes. The malware, documented in open-source reports, has infected thousands of devices worldwide with a particularly high number of infections in North America and Europe. Further, once a device has been infected, attackers can prevent administrators from successfully running firmware updates. This alert summarizes the findings of CISA and NCSC analysis and provides mitigation advice. Click here for a PDF version of this report from NCSC. For a […]

  • AA20-206A: Threat Actor Exploitation of F5 BIG-IP CVE-2020-5902
    by CISA on July 24, 2020 at 10:59 am

    Original release date: July 24, 2020. Summary: The Cybersecurity and Infrastructure Security Agency (CISA) is issuing this alert in response to recently disclosed exploits that target F5 BIG-IP devices that are vulnerable to CVE-2020-5902. F5 Networks, Inc. (F5) released a patch for CVE-2020-5902 on June 30, 2020.[1] Unpatched F5 BIG-IP devices are an attractive target for malicious actors. Affected organizations that have not applied the patch to fix this critical remote code execution (RCE) vulnerability risk an attacker exploiting CVE-2020-5902 to take control of their system. Note: F5’s security advisory for CVE-2020-5902 states that there is a high probability that any remaining unpatched devices are likely already compromised. CISA expects to see continued attacks exploiting unpatched F5 BIG-IP devices and strongly urges users and administrators to upgrade their software to the fixed versions. CISA also advises that administrators deploy the signature included in this Alert to […]

  • AA20-205A: NSA and CISA Recommend Immediate Actions to Reduce Exposure Across Operational Technologies and Control Systems
    by CISA on July 23, 2020 at 2:29 pm

    Original release date: July 23, 2020. Summary: Note: This Activity Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise and ATT&CK for Industrial Control Systems frameworks for all referenced threat actor techniques and mitigations. Over recent months, cyber actors have demonstrated their continued willingness to conduct malicious cyber activity against critical infrastructure (CI) by exploiting internet-accessible operational technology (OT) assets.[1] Due to the increase in adversary capabilities and activity, the criticality to U.S. national security and way of life, and the vulnerability of OT systems, civilian infrastructure makes attractive targets for foreign powers attempting to do harm to U.S. interests or retaliate for perceived U.S. aggression. OT assets are critical to the Department of Defense (DoD) mission and underpin essential National Security Systems (NSS) and services, as well as […]

DOJ and FBI

Information from the Department of Justice (DOJ) and the FBI focused on federal law enforcement, significant cases in the news, and other alerts.

FBI Top Stories

  • Robots Help Manage Billions of Pages at New FBI Central Records Complex
    on August 12, 2020 at 2:00 am

    The new facility in Virginia will house more than 2 billion pages of records and enlists robots to help with filing and retrieval.

  • Trade Secret Theft
    on July 29, 2020 at 10:14 am

    A lengthy FBI investigation resulted in guilty pleas from two men who admitted to their roles in stealing trade secrets from General Electric to start a competing business in another country.

  • Danger Beneath the Surface
    on July 22, 2020 at 6:00 am

    Get an interactive look at how the FBI’s Underwater Post-Blast Investigation course prepares the nation's public safety bomb tech divers to counter threats in their home harbors and waterways.

  • Money Mule Reined In
    on July 16, 2020 at 6:00 am

    When a Texas school district fell victim to a $2 million business email compromise scheme, a Florida man moved much of the stolen money away from law enforcement’s grasp—and is now spending time behind bars.

  • Rescuing Victims of Child Sexual Abuse
    on July 1, 2020 at 7:00 am

    The FBI's Endangered Child Alert Program and Operation Rescue Me initiative support an urgent effort to identify and aid the young victims being harmed in images of child sexual abuse.

  • An Inside Job
    on June 24, 2020 at 7:00 am

    Three roommates planned out a profitable bank heist with a movie-worthy plot twist. Unfortunately for the criminals, the story’s ending was written by the FBI and our partners.

  • Stopping Hackers in Their Tracks
    on June 17, 2020 at 7:00 am

    When an Atlanta tech company fell victim to a hacker, its quick reaction and collaboration with the FBI helped find and convict the culprit.

  • An ‘Empathetic Pioneer’
    on June 10, 2020 at 10:00 am

    Over nearly two decades, Kathryn Turman has developed and shaped the FBI's approach to victim services and achieved an abiding life goal to make a contribution.

  • Staying Safe During the COVID-19 Pandemic
    on June 5, 2020 at 7:30 am

    Learn how to protect yourself, your family, and your wallet from emerging crimes against children and financial scams related to the COVID-19 crisis.

  • Billion-Dollar Secrets Stolen
    on May 27, 2020 at 6:53 am

    A scientist working for a U.S. energy company in Oklahoma was sentenced for stealing valuable trade secrets for the benefit of a Chinese firm.

  • Health Care Fraud Ring Busted
    on May 13, 2020 at 9:25 am

    A youth football coach and his co-conspirators have been sentenced for stealing millions of dollars from Medicaid by using children’s information to bill for fake mental health treatments.

  • IC3 Marks 20 Years
    on May 8, 2020 at 1:30 pm

    The crimes catalogued by the Internet Crime Complaint Center mirror the evolution of the web across two decades—growing in sophistication and number as the internet grows ever more essential to our lives.

  • Giving Families a Lift
    on April 29, 2020 at 2:00 pm

    To honor the memory of the daughter of a retired agent, FBI volunteers help law enforcement families with sick children receiving treatment at Children's Hospital of Philadelphia.

  • Child Predator Jailed for Life
    on April 22, 2020 at 7:37 am

    An FBI agent who has dedicated much of his career to pursuing those who exploit children shares the details of one investigation and offers tips for parents and caregivers on keeping kids safe.

  • Protect Yourself from Pandemic Scammers
    on April 6, 2020 at 7:00 am

    The head of our Financial Crimes Section discusses scams and crimes related to the COVID-19 pandemic and offers tips on how to protect yourself.

Kidnappings and Missing Persons

FBI Intelligence

    Feed has no items.