US-CERT Alerts

Alerts warn about vulnerabilities, incidents, and other security issues that pose a significant risk.

TA17-181A: Petya Ransomware

Author: US-CERT
Posted: July 1, 2017, 5:41 am
Original release date: July 01, 2017 | Last revised: July 28, 2017

Systems Affected

Microsoft Windows operating systems

Overview

This Alert has been updated to reflect the National Cybersecurity and Communications Integration Center's (NCCIC) analysis of the "NotPetya" malware variant.

The scope of this Alert’s analysis is limited to the newest Petya malware variant that surfaced on June 27, 2017. This malware is referred to as “NotPetya” throughout this Alert.

On June 27, 2017, NCCIC [1...



TA17-164A: HIDDEN COBRA – North Korea’s DDoS Botnet Infrastructure

Author: US-CERT
Posted: June 13, 2017, 3:45 pm
Original release date: June 13, 2017 | Last revised: August 23, 2017

Systems Affected

Networked Systems

Overview

This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). This alert provides technical details on the tools and infrastructure used by cyber actors of the North Korean government to target the media, aerospace, financial, and critical infrastructure sectors in the United...



TA17-163A: CrashOverride Malware

Author: US-CERT
Posted: June 12, 2017, 9:44 pm
Original release date: June 12, 2017 | Last revised: July 27, 2017

Systems Affected

Industrial Control Systems

Overview

The National Cybersecurity and Communications Integration Center (NCCIC) is aware of public reports from ESET and Dragos outlining a new, highly capable Industrial Control Systems (ICS) attack platform that was reportedly used in 2016 against critical infrastructure in Ukraine. As reported by ESET and Dragos, the CrashOverride malware is an extensible platform that c...



TA17-156A: Reducing the Risk of SNMP Abuse

Author: US-CERT
Posted: June 6, 2017, 12:11 am
Original release date: June 05, 2017

Systems Affected

SNMP enabled devices

Overview

The Simple Network Management Protocol (SNMP) may be abused to gain unauthorized access to network devices. SNMP provides a standardized framework for a common language that is used for monitoring and managing devices in a network.

This Alert provides information on SNMP best practices, along with prevention and mitigation recommendations.

Description

SNMP depends on secure strings (or “community s...



TA17-132A: Indicators Associated With WannaCry Ransomware

Author: US-CERT
Posted: May 13, 2017, 1:36 am
Original release date: May 12, 2017 | Last revised: May 19, 2017

Systems Affected

Microsoft Windows operating systems

Overview

According to numerous open-source reports, a widespread ransomware campaign is affecting various organizations with reports of tens of thousands of infections in over 150 countries, including the United States, United Kingdom, Spain, Russia, Taiwan, France, and Japan. The software can run in as many as 27 different languages.

The latest version of this ransomwar...

