AA20-336A: Advanced Persistent Threat Actors Targeting U.S. Think Tanks
date: December 1, 2020
Summary
This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques.
AA20-304A: Iranian Advanced Persistent Threat Actor Identified Obtaining Voter Registration Data
date: October 30, 2020 | Last revised: November 3, 2020
Summary
This advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) version 8 framework. See the ATT&CK for Enterprise version 8 for all referenced threat actor techniques.
AA20-302A: Ransomware Activity Targeting the Healthcare and Public Health Sector
date: October 28, 2020 | Last revised: November 2, 2020
Summary
This advisory was updated to include information on Conti, TrickBot, and BazarLoader, including new IOCs and Yara Rules for detection.
AA20-296B: Iranian Advanced Persistent Threat Actors Threaten Election-Related Systems
date: October 22, 2020
Summary
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) are warning that Iranian advanced persistent threat (APT) actors are likely intent on influencing and interfering with the U.S. elections to sow discord among voters and undermine public confidence in the U.S. electoral process.
AA19-168A: Microsoft Operating Systems BlueKeep Vulnerability
Summary
The Cybersecurity and Infrastructure Security Agency (CISA) is issuing this Activity Alert to provide information on a vulnerability, known as “BlueKeep,” that exists in the following Microsoft Windows Operating Systems (OSs), including both 32- and 64-bit versions, as well as all Service Pack versions:
AA19-122A: New Exploits for Unsecure SAP Systems
Summary
The Cybersecurity and Infrastructure Security Agency (CISA) is issuing this activity alert in response to recently disclosed exploits that target unsecure configurations of SAP components. [1]
AA19-024A: DNS Infrastructure Hijacking Campaign
Summary
The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), is aware of a global Domain Name System (DNS) infrastructure hijacking campaign. Using compromised credentials, an attacker can modify the location to which an organization’s domain name resources resolve. This enables the attacker to redirect user traffic to attacker-controlled infrastructure and obtain valid encryption certificates for an organization’s domain names, enabling man-in-the-middle attacks.
AA18-337A: SamSam Ransomware
Summary
The Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) and the Federal Bureau of Investigation (FBI) are issuing this activity alert to inform computer network defenders about SamSam ransomware, also known as MSIL/Samas.A. Specifically, this product shares analysis of vulnerabilities that cyber actors exploited to deploy this ransomware. In addition, this report provides recommendations for prevention and mitigation.
TA18-331A: 3ve – Major Online Ad Fraud Operation
This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). DHS and FBI are releasing this TA to provide information about a major online ad fraud operation – referred to by the U.S. Government as “3ve” – involving the control of over 1.7 million unique Internet Protocol (IP) addresses globally, when sampled over a 10-day window.
AA18-284A: Publicly Available Tools Seen in Cyber Incidents Worldwide
Summary
This report is a collaborative research effort by the cyber security authorities of five nations: Australia, Canada, New Zealand, the United Kingdom, and the United States.[1][2][3][4][5]
