Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2023-01-26NCSC UKNCSC UK
@online{uk:20230126:seaborgium:ae8f581, author = {NCSC UK}, title = {{SEABORGIUM and TA453 continue their respective spear-phishing campaigns against targets of interest}}, date = {2023-01-26}, organization = {NCSC UK}, url = {https://www.ncsc.gov.uk/news/spear-phishing-campaigns-targets-of-interest}, language = {English}, urldate = {2023-01-27} } SEABORGIUM and TA453 continue their respective spear-phishing campaigns against targets of interest
2022-11-01NCSC UKNCSC UK
@online{uk:20221101:ncsc:1ed9540, author = {NCSC UK}, title = {{NCSC Annual Review 2022}}, date = {2022-11-01}, organization = {NCSC UK}, url = {https://www.ncsc.gov.uk/collection/annual-review-2022}, language = {English}, urldate = {2022-11-03} } NCSC Annual Review 2022
2022-09-14CISAFBI, US-CERT, NSA, U.S. Cyber Command, U.S. Department of the Treasury, Australian Cyber Security Centre (ACSC), CSE Canada, NCSC UK
@online{fbi:20220914:alert:c9a3789, author = {FBI and US-CERT and NSA and U.S. Cyber Command and U.S. Department of the Treasury and Australian Cyber Security Centre (ACSC) and CSE Canada and NCSC UK}, title = {{Alert (AA22-257A): Iranian Islamic Revolutionary Guard Corps-Affiliated Cyber Actors Exploiting Vulnerabilities for Data Extortion and Disk Encryption for Ransom Operations}}, date = {2022-09-14}, organization = {CISA}, url = {https://www.cisa.gov/uscert/ncas/alerts/aa22-257a}, language = {English}, urldate = {2022-09-20} } Alert (AA22-257A): Iranian Islamic Revolutionary Guard Corps-Affiliated Cyber Actors Exploiting Vulnerabilities for Data Extortion and Disk Encryption for Ransom Operations
2022-04-20CISACISA, NSA, FBI, Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security (CCCS), Government Communications Security Bureau, NCSC UK, National Crime Agency (NCA)
@techreport{cisa:20220420:aa22110a:4fde5d6, author = {CISA and NSA and FBI and Australian Cyber Security Centre (ACSC) and Canadian Centre for Cyber Security (CCCS) and Government Communications Security Bureau and NCSC UK and National Crime Agency (NCA)}, title = {{AA22-110A Joint CSA: Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure}}, date = {2022-04-20}, institution = {CISA}, url = {https://www.cisa.gov/uscert/sites/default/files/publications/AA22-110A_Joint_CSA_Russian_State-Sponsored_and_Criminal_Cyber_Threats_to_Critical_Infrastructure_4_20_22_Final.pdf}, language = {English}, urldate = {2022-04-25} } AA22-110A Joint CSA: Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure
VPNFilter BlackEnergy DanaBot DoppelDridex Emotet EternalPetya GoldMax Industroyer Sality SmokeLoader TrickBot Triton Zloader
2022-02-28NCSC UKNCSC UK
@techreport{uk:20220228:malware:0cbf8c2, author = {NCSC UK}, title = {{Malware Analysis Report: SparrowDoor}}, date = {2022-02-28}, institution = {NCSC UK}, url = {https://www.ncsc.gov.uk/files/NCSC-MAR-SparrowDoor.pdf}, language = {English}, urldate = {2022-05-17} } Malware Analysis Report: SparrowDoor
SparrowDoor
2022-02-24FBI, CISA, CNMF, NCSC UK
@online{fbi:20220224:alert:f9ae76b, author = {FBI and CISA and CNMF and NCSC UK}, title = {{Alert (AA22-055A) Iranian Government-Sponsored Actors Conduct Cyber Operations Against Global Government and Commercial Networks}}, date = {2022-02-24}, url = {https://www.cisa.gov/uscert/ncas/alerts/aa22-055a}, language = {English}, urldate = {2022-03-01} } Alert (AA22-055A) Iranian Government-Sponsored Actors Conduct Cyber Operations Against Global Government and Commercial Networks
POWERSTATS PowGoop MoriAgent
2022-02-24FBI, CISA, CNMF, NCSC UK, NSA
@techreport{fbi:20220224:iranian:9117e42, author = {FBI and CISA and CNMF and NCSC UK and NSA}, title = {{Iranian Government-Sponsored Actors Conduct Cyber Operations Against Global Government and Commercial Networks}}, date = {2022-02-24}, institution = {}, url = {https://www.cisa.gov/uscert/sites/default/files/publications/AA22-055A_Iranian_Government-Sponsored_Actors_Conduct_Cyber_Operations.pdf}, language = {English}, urldate = {2022-03-01} } Iranian Government-Sponsored Actors Conduct Cyber Operations Against Global Government and Commercial Networks
POWERSTATS PowGoop GRAMDOOR MoriAgent
2022-02-23NCSC UKNCSC UK
@online{uk:20220223:new:53a7c46, author = {NCSC UK}, title = {{New Sandworm malware Cyclops Blink replaces VPNFilter}}, date = {2022-02-23}, organization = {NCSC UK}, url = {https://www.ncsc.gov.uk/news/joint-advisory-shows-new-sandworm-malware-cyclops-blink-replaces-vpnfilter}, language = {English}, urldate = {2022-02-26} } New Sandworm malware Cyclops Blink replaces VPNFilter
VPNFilter
2022-02-23NCSC UKNCSC UK
@techreport{uk:20220223:cyclops:f4290ae, author = {NCSC UK}, title = {{Cyclops Blink - Malware Analysis Report}}, date = {2022-02-23}, institution = {NCSC UK}, url = {https://www.ncsc.gov.uk/files/Cyclops-Blink-Malware-Analysis-Report.pdf}, language = {English}, urldate = {2022-02-26} } Cyclops Blink - Malware Analysis Report
2022-02-23CISA, NCSC UK, FBI, NSA
@techreport{cisa:20220223:advisory:56f6379, author = {CISA and NCSC UK and FBI and NSA}, title = {{Advisory: New Sandworm malware Cyclops Blink replaces VPNFilter}}, date = {2022-02-23}, institution = {}, url = {https://www.cisa.gov/uscert/sites/default/files/publications/AA22-054A%20New%20Sandworm%20Malware%20Cyclops%20Blink%20Replaces%20VPN%20Filter.pdf}, language = {English}, urldate = {2022-02-26} } Advisory: New Sandworm malware Cyclops Blink replaces VPNFilter
VPNFilter
2022-02-09CISACISA, FBI, NSA, Australian Cyber Security Centre (ACSC), NCSC UK
@techreport{cisa:20220209:alert:be2567f, author = {CISA and FBI and NSA and Australian Cyber Security Centre (ACSC) and NCSC UK}, title = {{Alert (AA22-040A) 2021 Trends Show Increased Globalized Threat of Ransomware}}, date = {2022-02-09}, institution = {CISA}, url = {https://www.cisa.gov/uscert/sites/default/files/publications/AA22-040A_2021_Trends_Show_Increased_Globalized_Threat_of_Ransomware_508.pdf}, language = {English}, urldate = {2022-04-07} } Alert (AA22-040A) 2021 Trends Show Increased Globalized Threat of Ransomware
2021-12-15NCSC UKNCSC UK
@online{uk:20211215:jolly:bd0859a, author = {NCSC UK}, title = {{Jolly Jellyfish}}, date = {2021-12-15}, organization = {NCSC UK}, url = {https://media-exp1.licdn.com/dms/document/C561FAQHhWFRcWmdCPw/feedshare-document-pdf-analyzed/0/1639591145314?e=1658966400&v=beta&t=_uCcyEVg6b_VDiBTvWQIXtBOdQ1GQAAydqGyq62KA3E}, language = {English}, urldate = {2022-07-25} } Jolly Jellyfish
FishMaster Earth Lusca
2021-11-17CISAFBI, CISA, Australian Cyber Security Centre (ACSC), NCSC UK
@techreport{fbi:20211117:alert:e4ba10a, author = {FBI and CISA and Australian Cyber Security Centre (ACSC) and NCSC UK}, title = {{Alert (AA21-321A): Iranian Government-Sponsored APT Cyber Actors Exploiting Microsoft Exchange and Fortinet Vulnerabilities in Furtherance of Malicious Activities}}, date = {2021-11-17}, institution = {CISA}, url = {https://us-cert.cisa.gov/sites/default/files/publications/AA21-321A-Iranian%20Government-Sponsored%20APT%20Actors%20Exploiting%20Microsoft%20Exchange%20and%20Fortinet%20Vulnerabilities.pdf}, language = {English}, urldate = {2022-01-03} } Alert (AA21-321A): Iranian Government-Sponsored APT Cyber Actors Exploiting Microsoft Exchange and Fortinet Vulnerabilities in Furtherance of Malicious Activities
2021-07-28CISACISA, Australian Cyber Security Centre (ACSC), NCSC UK, FBI
@online{cisa:20210728:top:78a1031, author = {CISA and Australian Cyber Security Centre (ACSC) and NCSC UK and FBI}, title = {{Top Routinely Exploited Vulnerabilities}}, date = {2021-07-28}, organization = {CISA}, url = {https://us-cert.cisa.gov/ncas/alerts/aa21-209a}, language = {English}, urldate = {2021-07-29} } Top Routinely Exploited Vulnerabilities
2021-07-19GOV.UKNCSC UK, Dominic Raab
@online{uk:20210719:uk:9674820, author = {NCSC UK and Dominic Raab}, title = {{UK and allies hold Chinese state responsible for a pervasive pattern of hacking}}, date = {2021-07-19}, organization = {GOV.UK}, url = {https://www.gov.uk/government/news/uk-and-allies-hold-chinese-state-responsible-for-a-pervasive-pattern-of-hacking}, language = {English}, urldate = {2021-07-22} } UK and allies hold Chinese state responsible for a pervasive pattern of hacking
APT31 APT40 HAFNIUM
2021-07-19NCSC UKNCSC UK
@online{uk:20210719:uk:8ecd954, author = {NCSC UK}, title = {{UK and allies hold Chinese state responsible for pervasive pattern of hacking}}, date = {2021-07-19}, organization = {NCSC UK}, url = {https://www.ncsc.gov.uk/news/uk-allies-hold-chinese-state-responsible-for-pervasive-pattern-of-hacking}, language = {English}, urldate = {2021-07-22} } UK and allies hold Chinese state responsible for pervasive pattern of hacking
APT31 APT40
2021-07-01CISA, FBI, NSA, NCSC UK
@techreport{cisa:20210701:russian:4127fc7, author = {CISA and FBI and NSA and NCSC UK}, title = {{Russian GRU (APT28) Conducting Global Brute Force Campaign to Compromise Enterprise and Cloud Environments}}, date = {2021-07-01}, institution = {}, url = {https://media.defense.gov/2021/Jul/01/2002753896/-1/-1/1/CSA_GRU_GLOBAL_BRUTE_FORCE_CAMPAIGN_UOO158036-21.PDF}, language = {English}, urldate = {2021-07-11} } Russian GRU (APT28) Conducting Global Brute Force Campaign to Compromise Enterprise and Cloud Environments
reGeorg
2021-05-07NCSC UKNCSC UK
@techreport{uk:20210507:further:896e2eb, author = {NCSC UK}, title = {{Further TTPs associated with SVR cyber actors}}, date = {2021-05-07}, institution = {NCSC UK}, url = {https://www.ncsc.gov.uk/files/Advisory%20Further%20TTPs%20associated%20with%20SVR%20cyber%20actors.pdf}, language = {English}, urldate = {2022-06-04} } Further TTPs associated with SVR cyber actors
Sliver
2021-05-07GCHQNCSC UK, CISA, FBI, NSA
@techreport{uk:20210507:further:400b6a8, author = {NCSC UK and CISA and FBI and NSA}, title = {{Further TTPs associated with SVR cyber actors: Use of multiple publicly available exploits and Sliver framework to target organisations globally}}, date = {2021-05-07}, institution = {GCHQ}, url = {https://www.ncsc.gov.uk/files/Advisory-further-TTPs-associated-with-SVR-cyber-actors.pdf}, language = {English}, urldate = {2021-05-08} } Further TTPs associated with SVR cyber actors: Use of multiple publicly available exploits and Sliver framework to target organisations globally
2020-07-27CISANCSC UK, CISA
@online{uk:20200727:alert:31c9b38, author = {NCSC UK and CISA}, title = {{Alert (AA20-209A): Potential Legacy Risk from Malware Targeting QNAP NAS Devices}}, date = {2020-07-27}, organization = {CISA}, url = {https://us-cert.cisa.gov/ncas/alerts/aa20-209a}, language = {English}, urldate = {2020-07-30} } Alert (AA20-209A): Potential Legacy Risk from Malware Targeting QNAP NAS Devices
QSnatch