US-CERT Alerts

US-CERT Alerts

Alerts warn about vulnerabilities, incidents, and other security issues that pose a significant risk.

AA19-024A: DNS Infrastructure Hijacking Campaign

Author: US-CERT
Posted: January 24, 2019, 8:01 pm
Original release date: January 24, 2019 | Last revised: February 13, 2019

Summary

The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), is aware of a global Domain Name System (DNS) infrastructure hijacking campaign. Using compromised credentials, an attacker can modify the location to which an organization’s domain name resources resolve. This enables the attacker to redirect user traffic to ...


Read More

AA18-337A: SamSam Ransomware

Author: US-CERT
Posted: December 3, 2018, 4:18 pm
Original release date: December 03, 2018

Summary

The Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) and the Federal Bureau of Investigation (FBI) are issuing this activity alert to inform computer network defenders about SamSam ransomware, also known as MSIL/Samas.A. Specifically, this product shares analysis of vulnerabilities that cyber actors exploited to deploy this ransomware. In addition, this report provides recomm...


Read More

TA18-331A: 3ve – Major Online Ad Fraud Operation

Author: US-CERT
Posted: November 27, 2018, 5:09 pm
Original release date: November 27, 2018

Systems Affected

Microsoft Windows

Overview

This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). DHS and FBI are releasing this TA to provide information about a major online ad fraud operation—referred to by the U.S. Government as "3ve"—involving the control of over 1.7 million unique Internet Protocol (IP) addres...


Read More

AA18-284A: Publicly Available Tools Seen in Cyber Incidents Worldwide

Author: US-CERT
Posted: October 11, 2018, 3:19 pm
Original release date: October 11, 2018

Summary

This report is a collaborative research effort by the cyber security authorities of five nations: Australia, Canada, New Zealand, the United Kingdom, and the United States.[1][2][3][4][5]

In it we highlight the use of five publicly available tools, which have been used for malicious purposes in recent cyber incidents around the world. The five tools are:

  1. Remote Access Trojan: JBiFrost
  2. Webshell: China Chopper
  3. Credential Stealer: Mimikatz
  4. L...

Read More

TA18-276B: Advanced Persistent Threat Activity Exploiting Managed Service Providers

Author: US-CERT
Posted: October 3, 2018, 11:47 am
Original release date: October 03, 2018

Systems Affected

Network Systems

Overview

The National Cybersecurity and Communications Integration Center (NCCIC) is aware of ongoing APT actor activity attempting to infiltrate the networks of global managed service providers (MSPs). Since May 2016, APT actors have used various tactics, techniques, and procedures (TTPs) for the purposes of cyber espionage and intellectual property theft. APT actors have targeted victims i...


Read More