2021-12-02 | FBI | FBI
% FBI report CU-000156-MW: indicators of compromise for Cuba ransomware.
% NOTE(review): the URL file name (211203-2) appears to encode a date one day
% later than `date`; confirm which one the PDF itself carries.
@techreport{fbi:20211202:cu000156mw:b256f8b,
  author      = {FBI},
  title       = {{CU-000156-MW: Indicators of Compromise Associated with Cuba Ransomware}},
  institution = {FBI},
  date        = {2021-12-02},
  url         = {https://www.ic3.gov/Media/News/2021/211203-2.pdf},
  urldate     = {2021-12-07},
  language    = {English},
}
CU-000156-MW: Indicators of Compromise Associated with Cuba Ransomware
Cuba
2021-11-17 | CISA | FBI, CISA, Australian Cyber Security Centre (ACSC), NCSC UK
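% Joint advisory on Iranian government-sponsored APT activity against
% Microsoft Exchange and Fortinet vulnerabilities, published by CISA.
% Each agency name is wrapped in its own braces: unbraced, a multi-word name
% such as "NCSC UK" is parsed as given name "NCSC" + family name "UK", and
% "(ACSC)" would become a family name on its own.
@techreport{fbi:20211117:iranian:e4ba10a,
  author      = {{FBI} and {CISA} and {Australian Cyber Security Centre (ACSC)} and {NCSC UK}},
  title       = {{Iranian Government-Sponsored APT Cyber Actors Exploiting Microsoft Exchange and Fortinet Vulnerabilities in Furtherance of Malicious Activities}},
  institution = {CISA},
  date        = {2021-11-17},
  url         = {https://us-cert.cisa.gov/sites/default/files/publications/AA21-321A-Iranian%20Government-Sponsored%20APT%20Actors%20Exploiting%20Microsoft%20Exchange%20and%20Fortinet%20Vulnerabilities.pdf},
  urldate     = {2021-11-18},
  language    = {English},
}
Iranian Government-Sponsored APT Cyber Actors Exploiting Microsoft Exchange and Fortinet Vulnerabilities in Furtherance of Malicious Activities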
2021-11-16 | FBI | FBI
% FBI report AC-000155-MW: APT exploitation of a 0-day in FatPipe WARP, MPVPN
% and IPVPN software.
% NOTE(review): the URL file name (211117-2) appears to encode a date one day
% later than `date`; confirm which one the PDF itself carries.
@techreport{fbi:20211116:ac000155mw:6acf3ec,
  author      = {FBI},
  title       = {{AC-000155-MW: An APT Group Exploiting a 0-day in FatPipe WARP, MPVPN, and IPVPN Software}},
  institution = {FBI},
  date        = {2021-11-16},
  url         = {https://www.ic3.gov/Media/News/2021/211117-2.pdf},
  urldate     = {2021-11-18},
  language    = {English},
}
AC-000155-MW: An APT Group Exploiting a 0-day in FatPipe WARP, MPVPN, and IPVPN Software
2021-11-10 | RT on the Russian | Ekaterina Suslova, Aleksey Polyakov, Elizaveta Koroleva, Alena Goinskaya
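% Russian-language RT article about a person wanted by the FBI on cybercrime
% charges; the listing gives the title in English.
% The quotation in the title uses LaTeX quote pairs (`` ... '') because a
% straight " typesets as a closing quote on both sides. Authors are given in
% the unambiguous "Family, Given" form.
@online{suslova:20211110:he:f915f5b,
  author       = {Suslova, Ekaterina and Polyakov, Aleksey and Koroleva, Elizaveta and Goinskaya, Alena},
  title        = {{``He does not get in touch'': what is known about Barnaul, wanted by the FBI on charges of cybercrime}},
  organization = {RT on the Russian},
  date         = {2021-11-10},
  url          = {https://russian.rt.com/russia/article/926347-barnaulec-rozysk-fbr-kibermoshennichestvo},
  urldate      = {2021-11-19},
  language     = {Russian},
}
"He does not get in touch": what is known about Barnaul, wanted by the FBI on charges of cybercrime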
REvil REvil
2021-11-08 | FBI | FBI
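% FBI wanted-poster page for a REvil affiliate.
% The given name is spelled "Yevgyeniy" to match the fbi.gov URL of this same
% entry; the listing's title had "Yevhgyeniy", which a name search would miss.
@online{fbi:20211108:wanted:f676a91,
  author       = {FBI},
  title        = {{WANTED poster for Yevgyeniy Polyanin (REvil affiliate)}},
  organization = {FBI},
  date         = {2021-11-08},
  url          = {https://www.fbi.gov/wanted/cyber/yevgyeniy-igoryevich-polyanin},
  urldate      = {2021-11-09},
  language     = {English},
}
WANTED poster for Yevgyeniy Polyanin (REvil affiliate)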
REvil REvil
2021-11-02 | SpearTip | Chris Swagler
% SpearTip write-up of an FBI warning about HelloKitty ransomware adding DDoS
% to its extortion methods. This is secondary reporting, not the FBI document.
@online{swagler:20211102:fbi:6fe349f,
  author       = {Chris Swagler},
  title        = {{FBI Warning: HelloKitty Ransomware Add DDoS to Extortion Arsenal}},
  organization = {SpearTip},
  date         = {2021-11-02},
  url          = {https://www.speartip.com/resources/fbi-hellokitty-ransomware-adds-ddos-to-extortion-arsenal/},
  urldate      = {2021-11-03},
  language     = {English},
}
FBI Warning: HelloKitty Ransomware Add DDoS to Extortion Arsenal
HelloKitty
2021-11-01 | FBI | FBI
% FBI PIN 20211101-001: ransomware actors using significant financial events
% and stock valuation for targeting and extortion.
@techreport{fbi:20211101:pin:a9b78d3,
  author      = {FBI},
  title       = {{PIN Number 20211101-001: Ransomware Actors Use Significant Financial Events and Stock Valuation to Facilitate Targeting and Extortion of Victims}},
  institution = {FBI},
  date        = {2021-11-01},
  url         = {https://www.ic3.gov/Media/News/2021/211101.pdf},
  urldate     = {2021-11-03},
  language    = {English},
}
PIN Number 20211101-001: Ransomware Actors Use Significant Financial Events and Stock Valuation to Facilitate Targeting and Extortion of Victims
DarkSide RansomEXX DarkSide PyXie RansomEXX
2021-10-28 | FBI | FBI
% FBI report CU-000154-MW: TTPs and indicators of compromise for
% Hello Kitty/FiveHands ransomware.
% NOTE(review): the URL file name (211029) appears to encode a date one day
% later than `date`; confirm which one the PDF itself carries.
@techreport{fbi:20211028:cu000154mw:086d032,
  author      = {FBI},
  title       = {{CU-000154-MW: Tactics, Techniques, and Indicators of Compromise Associated with Hello Kitty/FiveHands Ransomware}},
  institution = {FBI},
  date        = {2021-10-28},
  url         = {https://www.ic3.gov/Media/News/2021/211029.pdf},
  urldate     = {2021-11-03},
  language    = {English},
}
CU-000154-MW: Tactics, Techniques, and Indicators of Compromise Associated with Hello Kitty/FiveHands Ransomware
HelloKitty
2021-10-25 | FBI | FBI
% FBI report CU-000153-MW: indicators of compromise for Ranzy Locker ransomware.
% NOTE(review): the URL file name (211026) appears to encode a date one day
% later than `date`; confirm which one the PDF itself carries.
@techreport{fbi:20211025:cu000153mw:f4b0c29,
  author      = {FBI},
  title       = {{CU-000153-MW: Indicators of Compromise Associated with Ranzy Locker Ransomware}},
  institution = {FBI},
  date        = {2021-10-25},
  url         = {https://www.ic3.gov/Media/News/2021/211026.pdf},
  urldate     = {2021-11-03},
  language    = {English},
}
CU-000153-MW: Indicators of Compromise Associated with Ranzy Locker Ransomware
ThunderX
2021-09-21 | Washington Post | Ellen Nakashima, Rachel Lerman
% Washington Post article on the FBI holding back a ransomware decryption key
% during an operation targeting the attackers.
@online{nakashima:20210921:fbi:ce8f168,
  author       = {Ellen Nakashima and Rachel Lerman},
  title        = {{FBI held back ransomware decryption key from businesses to run operation targeting hackers}},
  organization = {Washington Post},
  date         = {2021-09-21},
  url          = {https://www.washingtonpost.com/national-security/ransomware-fbi-revil-decryption-key/2021/09/21/4a9417d0-f15f-11eb-a452-4da5fe48582d_story.html},
  urldate      = {2021-10-05},
  language     = {English},
}
FBI held back ransomware decryption key from businesses to run operation targeting hackers
REvil
2021-08-25 | FBI | FBI
% FBI report MC-000150-MW: indicators of compromise for Hive ransomware.
@techreport{fbi:20210825:mc000150mw:39f2584,
  author      = {FBI},
  title       = {{MC-000150-MW: Indicators of Compromise Associated with Hive Ransomware}},
  institution = {FBI},
  date        = {2021-08-25},
  url         = {https://www.ic3.gov/Media/News/2021/210825.pdf},
  urldate     = {2021-08-30},
  language    = {English},
}
MC-000150-MW: Indicators of Compromise Associated with Hive Ransomware
hive
2021-08-23 | FBI | FBI
% FBI report: indicators of compromise for OnePercent Group ransomware.
% The title carries no alert number, unlike the other ic3.gov entries here.
@techreport{fbi:20210823:indicators:3308f26,
  author      = {FBI},
  title       = {{Indicators of Compromise Associated with OnePercent Group Ransomware}},
  institution = {FBI},
  date        = {2021-08-23},
  url         = {https://www.ic3.gov/Media/News/2021/210823.pdf},
  urldate     = {2021-08-24},
  language    = {English},
}
Indicators of Compromise Associated with OnePercent Group Ransomware
Cobalt Strike MimiKatz
2021-07-28 | CISA | CISA, Australian Cyber Security Centre (ACSC), NCSC UK, FBI
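% Joint alert listing the top routinely exploited vulnerabilities, published
% by CISA.
% Each agency name is wrapped in its own braces so that BibTeX keeps it as one
% name: unbraced, "NCSC UK" is split into given name "NCSC" + family name "UK",
% and "(ACSC)" would become a family name on its own.
@online{cisa:20210728:top:78a1031,
  author       = {{CISA} and {Australian Cyber Security Centre (ACSC)} and {NCSC UK} and {FBI}},
  title        = {{Top Routinely Exploited Vulnerabilities}},
  organization = {CISA},
  date         = {2021-07-28},
  url          = {https://us-cert.cisa.gov/ncas/alerts/aa21-209a},
  urldate      = {2021-07-29},
  language     = {English},
}
Top Routinely Exploited Vulnerabilities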
2021-07-19 | FBI | FBI
% FBI PIN 20210719-001: potential for malicious cyber activity to disrupt the
% 2020 Tokyo Summer Olympics.
@techreport{fbi:20210719:pin:5feb5ed,
  author      = {FBI},
  title       = {{PIN Number 20210719-001: Potential for Malicious Cyber Activities to Disrupt the 2020 Tokyo Summer Olympics}},
  institution = {FBI},
  date        = {2021-07-19},
  url         = {https://www.ic3.gov/Media/News/2021/210719.pdf},
  urldate     = {2021-07-26},
  language    = {English},
}
PIN Number 20210719-001: Potential for Malicious Cyber Activities to Disrupt the 2020 Tokyo Summer Olympics
2021-07-08 | MIT Technology Review | Patrick Howell O'Neill
% MIT Technology Review article on a failed cybercrime investigation involving
% the FBI, Russia and Ukraine.
% The title contains a typographic apostrophe, so the entry needs a
% UTF-8-capable toolchain.
@online{oneill:20210708:inside:bbfb1bf,
  author       = {Patrick Howell O'Neill},
  title        = {{Inside the FBI, Russia, and Ukraine’s failed cybercrime investigation}},
  organization = {MIT Technology Review},
  date         = {2021-07-08},
  url          = {https://www.technologyreview.com/2021/07/08/1027999/fbi-russia-ukraine-cybercrime-investigation-ransomware/},
  urldate      = {2021-07-09},
  language     = {English},
}
Inside the FBI, Russia, and Ukraine’s failed cybercrime investigation
2021-07-04 | CISA | US-CERT
% CISA-FBI guidance for MSPs and their customers affected by the Kaseya VSA
% supply-chain ransomware attack. The author is listed as US-CERT and the
% publishing organization as CISA.
@online{uscert:20210704:cisafbi:1e199f1,
  author       = {US-CERT},
  title        = {{CISA-FBI Guidance for MSPs and their Customers Affected by the Kaseya VSA Supply-Chain Ransomware Attack}},
  organization = {CISA},
  date         = {2021-07-04},
  url          = {https://us-cert.cisa.gov/ncas/current-activity/2021/07/04/cisa-fbi-guidance-msps-and-their-customers-affected-kaseya-vsa},
  urldate      = {2021-07-09},
  language     = {English},
}
CISA-FBI Guidance for MSPs and their Customers Affected by the Kaseya VSA Supply-Chain Ransomware Attack
REvil REvil
2021-07-01 | CISA, FBI, NSA, NCSC UK
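% Joint advisory on a GRU (APT28) brute-force campaign against enterprise and
% cloud environments.
% Each agency name is wrapped in its own braces so that BibTeX keeps it as one
% name; unbraced, "NCSC UK" is split into given name "NCSC" + family name "UK".
% NOTE(review): `institution` is empty in the listing and is a required field
% for this entry type. The URL is hosted on media.defense.gov; fill in the
% issuing body after checking the PDF rather than guessing from the host.
@techreport{cisa:20210701:russian:4127fc7,
  author      = {{CISA} and {FBI} and {NSA} and {NCSC UK}},
  title       = {{Russian GRU (APT28) Conducting Global Brute Force Campaign to Compromise Enterprise and Cloud Environments}},
  institution = {},
  date        = {2021-07-01},
  url         = {https://media.defense.gov/2021/Jul/01/2002753896/-1/-1/1/CSA_GRU_GLOBAL_BRUTE_FORCE_CAMPAIGN_UOO158036-21.PDF},
  urldate     = {2021-07-11},
  language    = {English},
}
Russian GRU (APT28) Conducting Global Brute Force Campaign to Compromise Enterprise and Cloud Environments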
reGeorg
2021-06-02 | Bleeping Computer | Lawrence Abrams
% Bleeping Computer article reporting the FBI's attribution of the JBS
% ransomware attack to REvil. This is secondary reporting, not the FBI statement.
@online{abrams:20210602:fbi:a9cb4ad,
  author       = {Lawrence Abrams},
  title        = {{FBI: REvil cybergang behind the JBS ransomware attack}},
  organization = {Bleeping Computer},
  date         = {2021-06-02},
  url          = {https://www.bleepingcomputer.com/news/security/fbi-revil-cybergang-behind-the-jbs-ransomware-attack/},
  urldate      = {2021-06-09},
  language     = {English},
}
FBI: REvil cybergang behind the JBS ransomware attack
REvil
2021-05-28 | FBI
% FBI wanted notice naming four individuals; the listing tags it "Leviathan".
% No organization field is set, and the URL is a justice.gov press-release
% file download rather than an fbi.gov page.
@online{fbi:20210528:wanted:ac99de8,
  author   = {FBI},
  title    = {{Wanted by the FBI: Zhu Yunmin, Wu Shurong, Ding Xiaoyang, Cheng Qingmin}},
  date     = {2021-05-28},
  url      = {https://www.justice.gov/opa/press-release/file/1412921/download},
  urldate  = {2021-07-26},
  language = {English},
}
Wanted by the FBI: Zhu Yunmin, Wu Shurong, Ding Xiaoyang, Cheng Qingmin
Leviathan
2021-05-20 | FBI | FBI
% FBI alert CP-000147-MW: Conti ransomware attacks on healthcare and first
% responder networks.
% NOTE(review): the URL file name (210521) appears to encode a date one day
% later than `date`; confirm which one the PDF itself carries.
@techreport{fbi:20210520:alert:65d3256,
  author      = {FBI},
  title       = {{Alert Number CP-000147-MW: Conti Ransomware Attacks Impact Healthcare and First Responder Networks}},
  institution = {FBI},
  date        = {2021-05-20},
  url         = {https://www.ic3.gov/Media/News/2021/210521.pdf},
  urldate     = {2021-05-26},
  language    = {English},
}
Alert Number CP-000147-MW: Conti Ransomware Attacks Impact Healthcare and First Responder Networks
Conti