US-CERT Alerts

CISA Alerts

Alerts warn about vulnerabilities, incidents, and other security issues that pose a significant risk.

AA21-131A: DarkSide Ransomware: Best Practices for Preventing Business Disruption from Ransomware Attacks

Author: CISA
Posted: May 11, 2021, 7:00 pm
Original release date: May 11, 2021 | Last revised: May 12, 2021

Summary

This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 9. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques.

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) are aware of a ransomware attack affecting a critical infrastructure (CI) entity—a pipeline company—in the United Sta...


Read More

AA21-116A: Russian Foreign Intelligence Service (SVR) Cyber Operations: Trends and Best Practices for Network Defenders

Author: CISA
Posted: April 26, 2021, 3:00 pm
Original release date: April 26, 2021

Summary

The Federal Bureau of Investigation (FBI), Department of Homeland Security (DHS), and Cybersecurity and Infrastructure Security Agency (CISA) assess Russian Foreign Intelligence Service (SVR) cyber actors—also known as Advanced Persistent Threat 29 (APT 29), the Dukes, CozyBear, and Yttrium—will continue to seek intelligence from U.S. and foreign entities through cyber exploitation, using a range of initial exploitation techniques that vary in soph...


Read More

AA21-110A: Exploitation of Pulse Connect Secure Vulnerabilities

Author: CISA
Posted: April 20, 2021, 3:03 pm
Original release date: April 20, 2021 | Last revised: May 3, 2021

Summary

The Cybersecurity and Infrastructure Security Agency (CISA) is aware of compromises affecting U.S. government agencies, critical infrastructure entities, and other private sector organizations by a cyber threat actor—or actors—beginning in June 2020 or earlier related to vulnerabilities in certain Ivanti Pulse Connect Secure products. Since March 31, 2021, CISA assisted multiple entities whose vulnerable Pulse Connect Se...


Read More

AA21-077A: Detecting Post-Compromise Threat Activity Using the CHIRP IOC Detection Tool

Author: CISA
Posted: March 18, 2021, 6:00 pm
Original release date: March 18, 2021 | Last revised: April 15, 2021

Summary

Updated April 15, 2021: The U.S. Government attributes this activity to the Russian Foreign Intelligence Service (SVR). Additional information may be found in a statement from the White House. For more information on SolarWinds-related activity, go to https://us-cert.cisa.gov/remediating-apt-compromised-networks and https://www.cisa.gov/supply-chain-compromise.

This Alert announces the CISA Hunt and Incident Response...


Read More

AA21-076A: TrickBot Malware

Author: CISA
Posted: March 17, 2021, 3:00 pm
Original release date: March 17, 2021 | Last revised: March 24, 2021

Summary

This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques.

The Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) have observed continued targeting through spearphishing campaigns using TrickBot malware in North America. A sophisticated group...


Read More