US-CERT Alerts

CISA Alerts

Alerts warn about vulnerabilities, incidents, and other security issues that pose a significant risk.

AA20-259A: Iran-Based Threat Actor Exploits VPN Vulnerabilities

Author: CISA
Posted: September 15, 2020, 4:00 pm
Original release date: September 15, 2020

Summary

This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques.

This product was written by the Cybersecurity and Infrastructure Security Agency (CISA) with contributions from the Federal Bureau of Investigation (FBI). CISA and FBI are aware of an Iran-based malicious cyber actor targeting several U.S. federal agencies and o...



AA20-258A: Chinese Ministry of State Security-Affiliated Cyber Threat Actor Activity

Author: CISA
Posted: September 14, 2020, 1:00 pm
Original release date: September 14, 2020

Summary

The Cybersecurity and Infrastructure Security Agency (CISA) has consistently observed Chinese Ministry of State Security (MSS)-affiliated cyber threat actors using publicly available information sources and common, well-known tactics, techniques, and procedures (TTPs) to target U.S. Government agencies. CISA has observed these—and other threat actors with varying degrees of skill—routinely using open-source information to plan and execute cyber...



AA20-245A: Technical Approaches to Uncovering and Remediating Malicious Activity

Author: CISA
Posted: September 1, 2020, 12:30 pm
Original release date: September 1, 2020 | Last revised: September 10, 2020

Summary

This joint advisory is the result of a collaborative research effort by the cybersecurity authorities of five nations: Australia,[1] Canada,[2] New Zealand,[3][4] the United Kingdom,[5] and the United States.[6] It highlights technical approaches to uncovering malicious activity and includes mitigation steps according to best practices. The purpose of this report is to enhance incident response among partners a...



AA20-239A: FASTCash 2.0: North Korea's BeagleBoyz Robbing Banks

Author: CISA
Posted: August 26, 2020, 2:17 pm
Original release date: August 26, 2020 | Last revised: September 3, 2020

Summary

This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques.

This joint advisory is the result of analytic efforts among the Cybersecurity and Infrastructure Security Agency (CISA), the Department of the Treasury (Treasury), the Federal Bureau of Investigation (FBI) and U.S. Cyber Command (U...



AA20-227A: Phishing Emails Used to Deploy KONNI Malware

Author: CISA
Posted: August 14, 2020, 12:59 pm
Original release date: August 14, 2020

Summary

This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques.

The Cybersecurity and Infrastructure Security Agency (CISA) has observed cyber actors using emails containing a Microsoft Word document with a malicious Visual Basic Application (VBA) macro code to deploy KONNI malware. KONNI is a remote administration tool (RAT) u...

