US-CERT Alerts

Alerts warn about vulnerabilities, incidents, and other security issues that pose a significant risk.

TA17-164A: HIDDEN COBRA – North Korea’s DDoS Botnet Infrastructure

Author: US-CERT
Posted: June 13, 2017, 3:45 pm
Original release date: June 13, 2017 | Last revised: June 15, 2017

Systems Affected

Networked Systems

Overview

This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). This alert provides technical details on the tools and infrastructure used by cyber actors of the North Korean government to target the media, aerospace, financial, and critical infrastructure sectors in the United S...



TA17-163A: CrashOverride Malware

Author: US-CERT
Posted: June 12, 2017, 9:44 pm
Original release date: June 12, 2017 | Last revised: June 14, 2017

Systems Affected

Industrial Control Systems

Overview

The National Cybersecurity and Communications Integration Center (NCCIC) is aware of public reports from ESET and Dragos outlining a new, highly capable Industrial Control Systems (ICS) attack platform that was reportedly used in 2016 against critical infrastructure in Ukraine. As reported by ESET and Dragos, the CrashOverride malware is an extensible platform that c...



TA17-156A: Reducing the Risk of SNMP Abuse

Author: US-CERT
Posted: June 6, 2017, 12:11 am
Original release date: June 05, 2017

Systems Affected

SNMP enabled devices

Overview

The Simple Network Management Protocol (SNMP) may be abused to gain unauthorized access to network devices. SNMP provides a standardized framework for a common language that is used for monitoring and managing devices in a network.

This Alert provides information on SNMP best practices, along with prevention and mitigation recommendations.

Description

SNMP depends on secure strings (or “community s...



TA17-132A: Indicators Associated With WannaCry Ransomware

Author: US-CERT
Posted: May 13, 2017, 1:36 am
Original release date: May 12, 2017 | Last revised: May 19, 2017

Systems Affected

Microsoft Windows operating systems

Overview

According to numerous open-source reports, a widespread ransomware campaign is affecting various organizations with reports of tens of thousands of infections in over 150 countries, including the United States, United Kingdom, Spain, Russia, Taiwan, France, and Japan. The software can run in as many as 27 different languages.

The latest version of this ransomwar...



TA17-117A: Intrusions Affecting Multiple Victims Across Multiple Sectors

Author: US-CERT
Posted: April 27, 2017, 10:50 pm
Original release date: April 27, 2017 | Last revised: May 14, 2017

Systems Affected

Networked Systems

Overview

The National Cybersecurity and Communications Integration Center (NCCIC) has become aware of an emerging sophisticated campaign, occurring since at least May 2016, that uses multiple malware implants. Initial victims have been identified in several sectors, including Information Technology, Energy, Healthcare and Public Health, Communications, and Critical Manufacturing.

Accord...

