US-CERT Alerts

US-CERT Alerts

Alerts warn about vulnerabilities, incidents, and other security issues that pose a significant risk.

AA18-337A: SamSam Ransomware

Author: US-CERT
Posted: December 3, 2018, 4:18 pm
Original release date: December 03, 2018

Summary

The Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) and the Federal Bureau of Investigation (FBI) are issuing this activity alert to inform computer network defenders about SamSam ransomware, also known as MSIL/Samas.A. Specifically, this product shares analysis of vulnerabilities that cyber actors exploited to deploy this ransomware. In addition, this report provides recomm...


Read More

TA18-331A: 3ve – Major Online Ad Fraud Operation

Author: US-CERT
Posted: November 27, 2018, 5:09 pm
Original release date: November 27, 2018

Systems Affected

Microsoft Windows

Overview

This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). DHS and FBI are releasing this TA to provide information about a major online ad fraud operation—referred to by the U.S. Government as "3ve"—involving the control of over 1.7 million unique Internet Protocol (IP) addres...


Read More

AA18-284A: Publicly Available Tools Seen in Cyber Incidents Worldwide

Author: US-CERT
Posted: October 11, 2018, 3:19 pm
Original release date: October 11, 2018

Summary

This report is a collaborative research effort by the cyber security authorities of five nations: Australia, Canada, New Zealand, the United Kingdom, and the United States.[1][2][3][4][5]

In it we highlight the use of five publicly available tools, which have been used for malicious purposes in recent cyber incidents around the world. The five tools are:

  1. Remote Access Trojan: JBiFrost
  2. Webshell: China Chopper
  3. Credential Stealer: Mimikatz
  4. L...

Read More

TA18-276B: Advanced Persistent Threat Activity Exploiting Managed Service Providers

Author: US-CERT
Posted: October 3, 2018, 11:47 am
Original release date: October 03, 2018

Systems Affected

Network Systems

Overview

The National Cybersecurity and Communications Integration Center (NCCIC) is aware of ongoing APT actor activity attempting to infiltrate the networks of global managed service providers (MSPs). Since May 2016, APT actors have used various tactics, techniques, and procedures (TTPs) for the purposes of cyber espionage and intellectual property theft. APT actors have targeted victims i...


Read More

TA18-276A: Using Rigorous Credential Control to Mitigate Trusted Network Exploitation

Author: US-CERT
Posted: October 3, 2018, 11:00 am
Original release date: October 03, 2018

Systems Affected

Network Systems

Overview

This technical alert addresses the exploitation of trusted network relationships and the subsequent illicit use of legitimate credentials by Advanced Persistent Threat (APT) actors. It identifies APT actors' tactics, techniques, and procedures (TTPs) and describes the best practices that could be employed to mitigate each of them. The mitigations for each TTP are arranged according ...


Read More