2021-09-21 | Washington Post | Ellen Nakashima, Rachel Lerman
% Online reference published by Washington Post on 2021-09-21; retrieved 2021-10-05.
@online{nakashima:20210921:fbi:ce8f168,
  author       = {Ellen Nakashima and Rachel Lerman},
  title        = {{FBI held back ransomware decryption key from businesses to run operation targeting hackers}},
  organization = {Washington Post},
  date         = {2021-09-21},
  url          = {https://www.washingtonpost.com/national-security/ransomware-fbi-revil-decryption-key/2021/09/21/4a9417d0-f15f-11eb-a452-4da5fe48582d_story.html},
  urldate      = {2021-10-05},
  language     = {English},
}
FBI held back ransomware decryption key from businesses to run operation targeting hackers
REvil
2021-08-25 | FBI | FBI
% FBI report MC-000150-MW dated 2021-08-25; PDF hosted on ic3.gov, retrieved 2021-08-30.
@techreport{fbi:20210825:mc000150mw:39f2584,
  author      = {FBI},
  title       = {{MC-000150-MW: Indicators of Compromise Associated with Hive Ransomware}},
  institution = {FBI},
  date        = {2021-08-25},
  url         = {https://www.ic3.gov/Media/News/2021/210825.pdf},
  urldate     = {2021-08-30},
  language    = {English},
}
MC-000150-MW: Indicators of Compromise Associated with Hive Ransomware
hive
2021-08-23 | FBI | FBI
% FBI indicator-of-compromise report dated 2021-08-23; retrieved from ic3.gov on 2021-08-24.
@techreport{fbi:20210823:indicators:3308f26,
  author      = {FBI},
  title       = {{Indicators of Compromise Associated with OnePercent Group Ransomware}},
  institution = {FBI},
  date        = {2021-08-23},
  url         = {https://www.ic3.gov/Media/News/2021/210823.pdf},
  urldate     = {2021-08-24},
  language    = {English},
}
Indicators of Compromise Associated with OnePercent Group Ransomware
Cobalt Strike MimiKatz
2021-07-28 | CISA | CISA, Australian Cyber Security Centre (ACSC), NCSC UK, FBI
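% Joint alert AA21-209A (per the url) published by CISA on 2021-07-28; retrieved 2021-07-29.
% Each corporate author is wrapped in its own braces so the name parser keeps it whole:
% unbraced, "Australian Cyber Security Centre (ACSC)" and "NCSC UK" are split into
% given-name and family-name parts and can be printed reordered or abbreviated.
@online{cisa:20210728:top:78a1031,
  author       = {{CISA} and {Australian Cyber Security Centre (ACSC)} and {NCSC UK} and {FBI}},
  title        = {{Top Routinely Exploited Vulnerabilities}},
  organization = {CISA},
  date         = {2021-07-28},
  url          = {https://us-cert.cisa.gov/ncas/alerts/aa21-209a},
  urldate      = {2021-07-29},
  language     = {English},
}
Top Routinely Exploited Vulnerabilities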
2021-07-19 | FBI | FBI
% FBI notification PIN 20210719-001 dated 2021-07-19; PDF on ic3.gov, retrieved 2021-07-26.
@techreport{fbi:20210719:pin:5feb5ed,
  author      = {FBI},
  title       = {{PIN Number 20210719-001: Potential for Malicious Cyber Activities to Disrupt the 2020 Tokyo Summer Olympics}},
  institution = {FBI},
  date        = {2021-07-19},
  url         = {https://www.ic3.gov/Media/News/2021/210719.pdf},
  urldate     = {2021-07-26},
  language    = {English},
}
PIN Number 20210719-001: Potential for Malicious Cyber Activities to Disrupt the 2020 Tokyo Summer Olympics
2021-07-08 | MIT Technology Review | Patrick Howell O'Neill
% MIT Technology Review article dated 2021-07-08; retrieved 2021-07-09.
% The title contains a non-ASCII apostrophe, so the file has to be processed as UTF-8.
@online{oneill:20210708:inside:bbfb1bf,
  author       = {Patrick Howell O'Neill},
  title        = {{Inside the FBI, Russia, and Ukraine’s failed cybercrime investigation}},
  organization = {MIT Technology Review},
  date         = {2021-07-08},
  url          = {https://www.technologyreview.com/2021/07/08/1027999/fbi-russia-ukraine-cybercrime-investigation-ransomware/},
  urldate      = {2021-07-09},
  language     = {English},
}
Inside the FBI, Russia, and Ukraine’s failed cybercrime investigation
2021-07-04 | CISA | US-CERT
% US-CERT current-activity notice published under CISA on 2021-07-04; retrieved 2021-07-09.
@online{uscert:20210704:cisafbi:1e199f1,
  author       = {US-CERT},
  title        = {{CISA-FBI Guidance for MSPs and their Customers Affected by the Kaseya VSA Supply-Chain Ransomware Attack}},
  organization = {CISA},
  date         = {2021-07-04},
  url          = {https://us-cert.cisa.gov/ncas/current-activity/2021/07/04/cisa-fbi-guidance-msps-and-their-customers-affected-kaseya-vsa},
  urldate      = {2021-07-09},
  language     = {English},
}
CISA-FBI Guidance for MSPs and their Customers Affected by the Kaseya VSA Supply-Chain Ransomware Attack
REvil REvil
2021-07-01 | CISA, FBI, NSA, NCSC UK
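% Joint advisory dated 2021-07-01; PDF hosted on media.defense.gov, retrieved 2021-07-11.
% Corporate authors are braced individually so "NCSC UK" is not split into name parts.
% NOTE(review): institution was empty on the source page (a required field for this
% entry type); it is filled here from the listed issuing agencies - confirm against
% the document's cover page before citing.
@techreport{cisa:20210701:russian:4127fc7,
  author      = {{CISA} and {FBI} and {NSA} and {NCSC UK}},
  title       = {{Russian GRU (APT28) Conducting Global Brute Force Campaign to Compromise Enterprise and Cloud Environments}},
  institution = {CISA and FBI and NSA and NCSC UK},
  date        = {2021-07-01},
  url         = {https://media.defense.gov/2021/Jul/01/2002753896/-1/-1/1/CSA_GRU_GLOBAL_BRUTE_FORCE_CAMPAIGN_UOO158036-21.PDF},
  urldate     = {2021-07-11},
  language    = {English},
}
Russian GRU (APT28) Conducting Global Brute Force Campaign to Compromise Enterprise and Cloud Environments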
reGeorg
2021-06-02 | Bleeping Computer | Lawrence Abrams
% Bleeping Computer article dated 2021-06-02; retrieved 2021-06-09.
@online{abrams:20210602:fbi:a9cb4ad,
  author       = {Lawrence Abrams},
  title        = {{FBI: REvil cybergang behind the JBS ransomware attack}},
  organization = {Bleeping Computer},
  date         = {2021-06-02},
  url          = {https://www.bleepingcomputer.com/news/security/fbi-revil-cybergang-behind-the-jbs-ransomware-attack/},
  urldate      = {2021-06-09},
  language     = {English},
}
FBI: REvil cybergang behind the JBS ransomware attack
REvil
2021-05-28 | FBI
% FBI wanted notice dated 2021-05-28; the url points at a justice.gov download, retrieved 2021-07-26.
% The entry carries no organization field.
@online{fbi:20210528:wanted:ac99de8,
  author   = {FBI},
  title    = {{Wanted by the FBI: Zhu Yunmin, Wu Shurong, Ding Xiaoyang, Cheng Qingmin}},
  date     = {2021-05-28},
  url      = {https://www.justice.gov/opa/press-release/file/1412921/download},
  urldate  = {2021-07-26},
  language = {English},
}
Wanted by the FBI: Zhu Yunmin, Wu Shurong, Ding Xiaoyang, Cheng Qingmin
Leviathan
2021-05-20 | FBI | FBI
% FBI alert CP-000147-MW; retrieved from ic3.gov on 2021-05-26.
% NOTE(review): the entry date is 2021-05-20 while the PDF file name reads 210521 - confirm
% which date the document itself carries.
@techreport{fbi:20210520:alert:65d3256,
  author      = {FBI},
  title       = {{Alert Number CP-000147-MW: Conti Ransomware Attacks Impact Healthcare and First Responder Networks}},
  institution = {FBI},
  date        = {2021-05-20},
  url         = {https://www.ic3.gov/Media/News/2021/210521.pdf},
  urldate     = {2021-05-26},
  language    = {English},
}
Alert Number CP-000147-MW: Conti Ransomware Attacks Impact Healthcare and First Responder Networks
Conti
2021-05-12 | FBI | FBI
% FBI notification PIN 20210512-001; retrieved from ic3.gov on 2021-05-19.
% NOTE(review): the entry date is 2021-05-12 while the PDF file name reads 210513 - confirm
% which date the document itself carries.
@techreport{fbi:20210512:pin:65820ee,
  author      = {FBI},
  title       = {{PIN Number 20210512-001: Spear-Phishing Attack Directing Recipients to Download a Fake Windows Application Impersonating a Financial Institution}},
  institution = {FBI},
  date        = {2021-05-12},
  url         = {https://www.ic3.gov/Media/News/2021/210513.pdf},
  urldate     = {2021-05-19},
  language    = {English},
}
PIN Number 20210512-001: Spear-Phishing Attack Directing Recipients to Download a Fake Windows Application Impersonating a Financial Institution
2021-05-07 | GCHQ | NCSC UK, CISA, FBI, NSA
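% Joint advisory dated 2021-05-07, institution recorded as GCHQ; PDF on ncsc.gov.uk,
% retrieved 2021-05-08.
% Corporate authors are braced individually: unbraced, "NCSC UK" is parsed as a given
% name plus a family name and may be printed as "UK, NCSC" or abbreviated.
@techreport{uk:20210507:further:400b6a8,
  author      = {{NCSC UK} and {CISA} and {FBI} and {NSA}},
  title       = {{Further TTPs associated with SVR cyber actors: Use of multiple publicly available exploits and Sliver framework to target organisations globally}},
  institution = {GCHQ},
  date        = {2021-05-07},
  url         = {https://www.ncsc.gov.uk/files/Advisory-further-TTPs-associated-with-SVR-cyber-actors.pdf},
  urldate     = {2021-05-08},
  language    = {English},
}
Further TTPs associated with SVR cyber actors: Use of multiple publicly available exploits and Sliver framework to target organisations globally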
2021-04-26 | CISA | CISA, FBI, Department of Homeland Security
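% CISA report AA21-116A (per the url) dated 2021-04-26; retrieved 2021-04-29.
% Corporate authors are braced individually: unbraced, the lowercase "of" in
% "Department of Homeland Security" is read as a name particle and the name is split.
% The title had lost the space after "(SVR)"; it is restored here.
@techreport{cisa:20210426:russian:0ef89c2,
  author      = {{CISA} and {FBI} and {Department of Homeland Security}},
  title       = {{Russian Foreign Intelligence Service (SVR) Cyber Operations: Trends and Best Practices for Network Defenders}},
  institution = {CISA},
  date        = {2021-04-26},
  url         = {https://us-cert.cisa.gov/sites/default/files/publications/AA21-116A_Russian_Foreign_Intelligence_Service_Cyber_Operations_508C.pdf},
  urldate     = {2021-04-29},
  language    = {English},
}
Russian Foreign Intelligence Service (SVR) Cyber Operations: Trends and Best Practices for Network Defenders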
elf.wellmess WellMess
2021-04-15 | NSA, CISA, FBI
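% Joint advisory dated 2021-04-15; PDF hosted on media.defense.gov, retrieved 2021-04-16.
% NOTE(review): institution was empty on the source page (a required field for this
% entry type); it is filled here from the listed issuing agencies - confirm against
% the document's cover page before citing.
% NOTE(review): the url path repeats the PDF file name and ends in what looks like a
% truncated third copy; it is kept exactly as found - check that it still resolves.
@techreport{nsa:20210415:russian:9c18f60,
  author      = {{NSA} and {CISA} and {FBI}},
  title       = {{Russian SVR Targets U.S. and Allied Networks}},
  institution = {NSA and CISA and FBI},
  date        = {2021-04-15},
  url         = {https://media.defense.gov/2021/Apr/15/2002621240/-1/-1/0/CSA_SVR_TARGETS_US_ALLIES_UOO13234021.PDF/CSA_SVR_TARGETS_US_ALLIES_UOO13234021.PDF_US_ALLIES_UOO13234021.PDF},
  urldate     = {2021-04-16},
  language    = {English},
}
Russian SVR Targets U.S. and Allied Networks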
2021-04-13 | FBI | FBI
% FBI public service announcement I-041321-PSA dated 2021-04-13; ic3.gov page retrieved 2021-04-14.
@online{fbi:20210413:alert:c52e054,
  author       = {FBI},
  title        = {{Alert Number I-041321-PSA: Rise In Use of Cryptocurrency In Business Email Compromise Schemes}},
  organization = {FBI},
  date         = {2021-04-13},
  url          = {https://www.ic3.gov/Media/Y2021/PSA210413},
  urldate      = {2021-04-14},
  language     = {English},
}
Alert Number I-041321-PSA: Rise In Use of Cryptocurrency In Business Email Compromise Schemes
2021-04-02 | CISA, FBI
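% Joint advisory AA21-092A dated 2021-04-02; PDF on ic3.gov, retrieved 2021-04-06.
% The title had lost the space in "Vulnerabilities to"; it is restored here.
% NOTE(review): institution was empty on the source page (a required field for this
% entry type); it is filled here from the listed issuing agencies - confirm against
% the document's cover page before citing.
@techreport{cisa:20210402:joint:cc385f7,
  author      = {{CISA} and {FBI}},
  title       = {{Joint CSA AA21-092A: APT Actors Exploit Vulnerabilities to Gain Initial Access for Future Attacks}},
  institution = {CISA and FBI},
  date        = {2021-04-02},
  url         = {https://www.ic3.gov/Media/News/2021/210402.pdf},
  urldate     = {2021-04-06},
  language    = {English},
}
Joint CSA AA21-092A: APT Actors Exploit Vulnerabilities to Gain Initial Access for Future Attacks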
2021-03-23 | FBI | FBI
% FBI alert CU-000143-MW dated 2021-03-23; PDF on ic3.gov, retrieved 2021-03-25.
@techreport{fbi:20210323:alert:e4d63f0,
  author      = {FBI},
  title       = {{Alert Number CU-000143-MW: Mamba Ransomware Weaponizing DiskCryptor}},
  institution = {FBI},
  date        = {2021-03-23},
  url         = {https://www.ic3.gov/Media/News/2021/210323.pdf},
  urldate     = {2021-03-25},
  language    = {English},
}
Alert Number CU-000143-MW: Mamba Ransomware Weaponizing DiskCryptor
Mamba
2021-03-16 | FBI | FBI
% FBI alert CP-000142-MW dated 2021-03-16; PDF on ic3.gov, retrieved 2021-03-22.
@techreport{fbi:20210316:alert:69b1a21,
  author      = {FBI},
  title       = {{Alert Number CP-000142-MW: Increase in PYSA Ransomware Targeting Education Institutions}},
  institution = {FBI},
  date        = {2021-03-16},
  url         = {https://www.ic3.gov/Media/News/2021/210316.pdf},
  urldate     = {2021-03-22},
  language    = {English},
}
Alert Number CP-000142-MW: Increase in PYSA Ransomware Targeting Education Institutions
Mespinoza
2021-03-10 | FBI | FBI, CISA
% Joint FBI and CISA report dated 2021-03-10, institution recorded as FBI; PDF on ic3.gov,
% retrieved 2021-03-12.
@techreport{fbi:20210310:compromise:8ad3a9c,
  author      = {FBI and CISA},
  title       = {{Compromise of Microsoft Exchange Server}},
  institution = {FBI},
  date        = {2021-03-10},
  url         = {https://www.ic3.gov/Media/News/2021/210310.pdf},
  urldate     = {2021-03-12},
  language    = {English},
}
Compromise of Microsoft Exchange Server