Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2021-05-12FBIFBI
@techreport{fbi:20210512:pin:65820ee, author = {FBI}, title = {{PIN Number 20210512-001: Spear-Phishing Attack Directing Recipients to Download a Fake Windows Application Impersonating a Financial Institution}}, date = {2021-05-12}, institution = {FBI}, url = {https://www.ic3.gov/Media/News/2021/210513.pdf}, language = {English}, urldate = {2021-05-19} } PIN Number 20210512-001: Spear-Phishing Attack Directing Recipients to Download a Fake Windows Application Impersonating a Financial Institution
2021-05-07GCHQNCSC UK, CISA, FBI, NSA
@techreport{uk:20210507:further:400b6a8, author = {NCSC UK and CISA and FBI and NSA}, title = {{Further TTPs associated with SVR cyber actors: Use of multiple publicly available exploits and Sliver framework to target organisations globally}}, date = {2021-05-07}, institution = {GCHQ}, url = {https://www.ncsc.gov.uk/files/Advisory-further-TTPs-associated-with-SVR-cyber-actors.pdf}, language = {English}, urldate = {2021-05-08} } Further TTPs associated with SVR cyber actors: Use of multiple publicly available exploits and Sliver framework to target organisations globally
2021-04-26CISACISA, FBI, Department of Homeland Security
@techreport{cisa:20210426:russian:0ef89c2, author = {CISA and FBI and Department of Homeland Security}, title = {{Russian Foreign Intelligence Service (SVR)Cyber Operations: Trends and Best Practices for Network Defenders}}, date = {2021-04-26}, institution = {CISA}, url = {https://us-cert.cisa.gov/sites/default/files/publications/AA21-116A_Russian_Foreign_Intelligence_Service_Cyber_Operations_508C.pdf}, language = {English}, urldate = {2021-04-29} } Russian Foreign Intelligence Service (SVR)Cyber Operations: Trends and Best Practices for Network Defenders
elf.wellmess WellMess
2021-04-15NSA, CISA, FBI
@techreport{nsa:20210415:russian:9c18f60, author = {NSA and CISA and FBI}, title = {{Russian SVR Targets U.S. and Allied Networks}}, date = {2021-04-15}, institution = {}, url = {https://media.defense.gov/2021/Apr/15/2002621240/-1/-1/0/CSA_SVR_TARGETS_US_ALLIES_UOO13234021.PDF/CSA_SVR_TARGETS_US_ALLIES_UOO13234021.PDF_US_ALLIES_UOO13234021.PDF}, language = {English}, urldate = {2021-04-16} } Russian SVR Targets U.S. and Allied Networks
2021-04-13FBIFBI
@online{fbi:20210413:alert:c52e054, author = {FBI}, title = {{Alert Number I-041321-PSA: Rise In Use of Cryptocurrency In Business Email Compromise Schemes}}, date = {2021-04-13}, organization = {FBI}, url = {https://www.ic3.gov/Media/Y2021/PSA210413}, language = {English}, urldate = {2021-04-14} } Alert Number I-041321-PSA: Rise In Use of Cryptocurrency In Business Email Compromise Schemes
2021-04-02CISA, FBI
@techreport{cisa:20210402:joint:cc385f7, author = {CISA and FBI}, title = {{Joint CSA AA21-092A: APT Actors Exploit Vulnerabilitiesto Gain Initial Access for Future Attacks}}, date = {2021-04-02}, institution = {}, url = {https://www.ic3.gov/Media/News/2021/210402.pdf}, language = {English}, urldate = {2021-04-06} } Joint CSA AA21-092A: APT Actors Exploit Vulnerabilitiesto Gain Initial Access for Future Attacks
2021-03-23FBIFBI
@techreport{fbi:20210323:alert:e4d63f0, author = {FBI}, title = {{Alert Number CU-000143-MW: Mamba Ransomware Weaponizing DiskCryptor}}, date = {2021-03-23}, institution = {FBI}, url = {https://www.ic3.gov/Media/News/2021/210323.pdf}, language = {English}, urldate = {2021-03-25} } Alert Number CU-000143-MW: Mamba Ransomware Weaponizing DiskCryptor
Mamba
2021-03-16FBIFBI
@techreport{fbi:20210316:alert:69b1a21, author = {FBI}, title = {{Alert Number CP-000142-MW: Increase in PYSA Ransomware Targeting Education Institutions}}, date = {2021-03-16}, institution = {FBI}, url = {https://www.ic3.gov/Media/News/2021/210316.pdf}, language = {English}, urldate = {2021-03-22} } Alert Number CP-000142-MW: Increase in PYSA Ransomware Targeting Education Institutions
Mespinoza
2021-03-10FBIFBI, CISA
@techreport{fbi:20210310:compromise:8ad3a9c, author = {FBI and CISA}, title = {{Compromise of Microsoft Exchange Server}}, date = {2021-03-10}, institution = {FBI}, url = {https://www.ic3.gov/Media/News/2021/210310.pdf}, language = {English}, urldate = {2021-03-12} } Compromise of Microsoft Exchange Server
2021-02-11US-CERTFBI, CISA
@techreport{fbi:20210211:alert:6f596af, author = {FBI and CISA}, title = {{Alert (AA21-042A): Compromise of U.S. Water Treatment Facility}}, date = {2021-02-11}, institution = {US-CERT}, url = {https://us-cert.cisa.gov/sites/default/files/publications/AA21-042A_Joint_Cybersecurity_Advisory_Compromise_of_U.S._Drinking_Treatment_Facility.pdf}, language = {English}, urldate = {2021-02-20} } Alert (AA21-042A): Compromise of U.S. Water Treatment Facility
2021-01-14FBIFBI
@techreport{fbi:20210114:pin:7f4c168, author = {FBI}, title = {{PIN Number 20210114-001: Cyber Criminals Exploit Network Access and Privilege Escalation}}, date = {2021-01-14}, institution = {FBI}, url = {https://assets.documentcloud.org/documents/20458329/cyber-criminals-exploit-network-access-and-privilege-escalation-bleepingcomputer-210115.pdf}, language = {English}, urldate = {2021-01-21} } PIN Number 20210114-001: Cyber Criminals Exploit Network Access and Privilege Escalation
2021-01-11ReutersChristopher Bing
@online{bing:20210111:exclusive:cf710cb, author = {Christopher Bing}, title = {{Exclusive: FBI probes Russian-linked postcard sent to FireEye CEO after cybersecurity firm uncovered hack - sources}}, date = {2021-01-11}, organization = {Reuters}, url = {https://www.reuters.com/article/us-global-cyber-fireeye/exclusive-fbi-probes-russian-linked-postcard-sent-to-fireeye-ceo-after-cybersecurity-firm-uncovered-hack-sources-idUSKBN29G2IG}, language = {English}, urldate = {2021-01-18} } Exclusive: FBI probes Russian-linked postcard sent to FireEye CEO after cybersecurity firm uncovered hack - sources
2021-01-06FBIFBI
@techreport{fbi:20210106:pin:66d55ca, author = {FBI}, title = {{PIN Number 20210106-001: Egregor Ransomware Targets Businesses Worldwide, Attempting to Extort Businesses by Publicly Releasing Exfiltrated Data}}, date = {2021-01-06}, institution = {FBI}, url = {https://assets.documentcloud.org/documents/20444693/fbi-pin-egregor-ransomware-bc-01062021.pdf}, language = {English}, urldate = {2021-01-11} } PIN Number 20210106-001: Egregor Ransomware Targets Businesses Worldwide, Attempting to Extort Businesses by Publicly Releasing Exfiltrated Data
Egregor QakBot
2020-12-23FBIFBI
@online{fbi:20201223:iranian:e252f2e, author = {FBI}, title = {{Iranian Cyber Actors Responsible for Website Threatening U.S. Election Officials}}, date = {2020-12-23}, organization = {FBI}, url = {https://www.fbi.gov/news/pressrel/press-releases/iranian-cyber-actors-responsible-for-website-threatening-us-election-officials}, language = {English}, urldate = {2020-12-26} } Iranian Cyber Actors Responsible for Website Threatening U.S. Election Officials
2020-12-23The Washington PostEllen Nakashima, Amy Gardner, Aaron C. Davis
@online{nakashima:20201223:fbi:855ce0d, author = {Ellen Nakashima and Amy Gardner and Aaron C. Davis}, title = {{FBI links Iran to online hit list targeting top officials who’ve refuted Trump’s election fraud claims}}, date = {2020-12-23}, organization = {The Washington Post}, url = {https://www.washingtonpost.com/national-security/iran-election-fraud-violence/2020/12/22/4a28e9ba-44a8-11eb-a277-49a6d1f9dff1_story.html}, language = {English}, urldate = {2020-12-23} } FBI links Iran to online hit list targeting top officials who’ve refuted Trump’s election fraud claims
2020-12-22FBIFBI
@online{fbi:20201222:pin:ea37578, author = {FBI}, title = {{PIN Number 20201222-001: Advanced Persistent Threat Actors Leverage SolarWinds Vulnerabilities}}, date = {2020-12-22}, organization = {FBI}, url = {https://drive.google.com/file/d/1R79Q1oC18GmKK8FYBoYEt0vYF7SpsvQI/view}, language = {English}, urldate = {2020-12-26} } PIN Number 20201222-001: Advanced Persistent Threat Actors Leverage SolarWinds Vulnerabilities
SUNBURST
2020-12-11PWC UKTwitter (@BitsOfBinary)
@online{bitsofbinary:20201211:macos:a00d112, author = {Twitter (@BitsOfBinary)}, title = {{Tweet on macOS Manuscypt samples}}, date = {2020-12-11}, organization = {PWC UK}, url = {https://twitter.com/BitsOfBinary/status/1337330286787518464}, language = {English}, urldate = {2020-12-14} } Tweet on macOS Manuscypt samples
Manuscrypt
2020-12-10FBIFBI
@techreport{fbi:20201210:pin:8657b3e, author = {FBI}, title = {{PIN Number 20201210-001: DoppelPaymer Ransomware Attacks on Critical Infrastructure Impact Critical Services}}, date = {2020-12-10}, institution = {FBI}, url = {https://www.ic3.gov/Media/News/2020/201215-1.pdf}, language = {English}, urldate = {2020-12-19} } PIN Number 20201210-001: DoppelPaymer Ransomware Attacks on Critical Infrastructure Impact Critical Services
DoppelPaymer
2020-12-10US-CERTUS-CERT, FBI, MS-ISAC
@online{uscert:20201210:alert:a5ec77e, author = {US-CERT and FBI and MS-ISAC}, title = {{Alert (AA20-345A): Cyber Actors Target K-12 Distance Learning Education to Cause Disruptions and Steal Data}}, date = {2020-12-10}, organization = {US-CERT}, url = {https://us-cert.cisa.gov/ncas/alerts/aa20-345a}, language = {English}, urldate = {2020-12-11} } Alert (AA20-345A): Cyber Actors Target K-12 Distance Learning Education to Cause Disruptions and Steal Data
PerlBot Shlayer Agent Tesla Cerber Dridex Ghost RAT Kovter Maze MedusaLocker Nanocore RAT Nefilim REvil Ryuk Zeus
2020-11-23FBIFBI
@online{fbi:20201123:alert:b813e71, author = {FBI}, title = {{Alert Number I-112320-PSA: Spoofed FBI Internet Domains Pose Cyber and Disinformation Risks}}, date = {2020-11-23}, organization = {FBI}, url = {https://www.ic3.gov/Media/Y2020/PSA201123}, language = {English}, urldate = {2020-11-25} } Alert Number I-112320-PSA: Spoofed FBI Internet Domains Pose Cyber and Disinformation Risks