US-CERT Alerts

CISA Alerts

Alerts warn about vulnerabilities, incidents, and other security issues that pose a significant risk.

AA21-055A: Exploitation of Accellion File Transfer Appliance

Author: CISA
Posted: February 24, 2021, 2:00 pm
Original release date: February 24, 2021 | Last revised: February 25, 2021

Summary

This joint advisory is the result of a collaborative effort by the cybersecurity authorities of Australia,[1] New Zealand,[2] Singapore,[3] the United Kingdom,[4] and the United States.[5][6] These authorities are aware of cyber actors exploiting vulnerabilities in Accellion File Transfer Appliance (FTA).[7] This activity has impacted organizations globally, including those in Australia, New Zealand, Singapore, ...



AA21-048A: AppleJeus: Analysis of North Korea’s Cryptocurrency Malware

Author: CISA
Posted: February 17, 2021, 4:00 pm
Original release date: February 17, 2021 | Last revised: February 18, 2021

Summary

This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques.

This joint advisory is the result of analytic efforts among the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Treasury (Treasury) to highlight the c...



AA21-042A: Compromise of U.S. Water Treatment Facility

Author: CISA
Posted: February 11, 2021, 7:15 pm
Original release date: February 11, 2021 | Last revised: February 12, 2021

Summary

On February 5, 2021, unidentified cyber actors obtained unauthorized access to the supervisory control and data acquisition (SCADA) system at a U.S. drinking water treatment facility. The unidentified actors used the SCADA system’s software to increase the amount of sodium hydroxide, also known as lye, a caustic chemical, as part of the water treatment process. Water treatment plant personnel immediately noticed...



AA21-008A: Detecting Post-Compromise Threat Activity in Microsoft Cloud Environments

Author: CISA
Posted: January 8, 2021, 4:36 pm
Original release date: January 8, 2021 | Last revised: February 4, 2021

Summary

This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques.

This Alert is a companion alert to AA20-352A: Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations. AA20-352A primarily focuses on an advanced persistent threat...



AA20-352A: Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations

Author: CISA
Posted: December 17, 2020, 3:00 pm
Original release date: December 17, 2020 | Last revised: February 8, 2021

Summary

The Cybersecurity and Infrastructure Security Agency (CISA) is aware of compromises of U.S. government agencies, critical infrastructure entities, and private sector organizations by an advanced persistent threat (APT) actor beginning in at least March 2020. This APT actor has demonstrated patience, operational security, and complex tradecraft in these intrusions. CISA expects that removing this threat actor from...

