2022-09-14 · CISA · FBI, US-CERT, NSA, U.S. Cyber Command, U.S. Department of the Treasury, Australian Cyber Security Centre (ACSC), CSE Canada, NCSC UK
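% Joint alert AA22-257A, published by CISA. Every author is an agency, so each name is braced to stop BibTeX splitting it into given/family parts.
@online{fbi:20220914:alert:c9a3789,
  author       = {{FBI} and {US-CERT} and {NSA} and {U.S. Cyber Command} and {U.S. Department of the Treasury} and {Australian Cyber Security Centre (ACSC)} and {CSE Canada} and {NCSC UK}},
  title        = {{Alert (AA22-257A): Iranian Islamic Revolutionary Guard Corps-Affiliated Cyber Actors Exploiting Vulnerabilities for Data Extortion and Disk Encryption for Ransom Operations}},
  date         = {2022-09-14},
  organization = {CISA},
  url          = {https://www.cisa.gov/uscert/ncas/alerts/aa22-257a},
  language     = {English},
  urldate      = {2022-09-20},
}
Alert (AA22-257A): Iranian Islamic Revolutionary Guard Corps-Affiliated Cyber Actors Exploiting Vulnerabilities for Data Extortion and Disk Encryption for Ransom Operations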
2022-08-05 · 360 netlab · 360 Netlab
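% 360 Netlab blog post on the Orchard botnet. The author is an organisation, so the whole name is braced; unbraced it parses as given name "360", family name "Netlab".
@online{netlab:20220805:new:d4f6a02,
  author       = {{360 Netlab}},
  title        = {{A new botnet Orchard Generates DGA Domains with Bitcoin Transaction Information}},
  date         = {2022-08-05},
  organization = {360 netlab},
  url          = {https://blog.netlab.360.com/a-new-botnet-orchard-generates-dga-domains-with-bitcoin-transaction-information/},
  language     = {English},
  urldate      = {2022-08-30},
}
A new botnet Orchard Generates DGA Domains with Bitcoin Transaction Information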
Orchard
2022-08-05 · 360 netlab · Daji, suqitian
% Chinese-language 360 netlab post on the Orchard DGA family. Both authors are single-token names and are kept exactly as listed.
@online{daji:20220805:dga:b184bd8,
  author       = {Daji and suqitian},
  title        = {{The DGA family Orchard continues to change, and the new version generates DGA domain names using Bitcoin transaction information}},
  date         = {2022-08-05},
  organization = {360 netlab},
  url          = {https://blog.netlab.360.com/orchard-dga/},
  language     = {Chinese},
  urldate      = {2022-09-21},
}
The DGA family Orchard continues to change, and the new version generates DGA domain names using Bitcoin transaction information
Orchard
2022-07-14 · Cert-UA · Cert-UA
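% CERT-UA article on UAC-0100. In the title the straight double quotes become TeX quote pairs and the hash sign is escaped, because a bare hash in BibTeX data reaches LaTeX unescaped and breaks typesetting.
@online{certua:20220714:uac0100:6e00cea,
  author       = {{Cert-UA}},
  title        = {{UAC-0100 - Online fraud using the subject of ``monetary compensation'' (CERT-UA\#4964)}},
  date         = {2022-07-14},
  organization = {Cert-UA},
  url          = {https://cert.gov.ua/article/761668},
  language     = {Ukrainian},
  urldate      = {2022-07-25},
}
UAC-0100 - Online fraud using the subject of "monetary compensation" (CERT-UA#4964)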
2022-04-27 · CISA · CISA, NSA, FBI, Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security (CCCS), New Zealand National Cyber Security Centre (NZ NCSC), United Kingdom’s National Cyber Security Centre (NCSC-UK)
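% Joint alert AA22-117A, published by CISA. Every author is an agency, so each name is braced to stop BibTeX splitting it into given/family parts.
@online{cisa:20220427:alert:e02c831,
  author       = {{CISA} and {NSA} and {FBI} and {Australian Cyber Security Centre (ACSC)} and {Canadian Centre for Cyber Security (CCCS)} and {New Zealand National Cyber Security Centre (NZ NCSC)} and {United Kingdom’s National Cyber Security Centre (NCSC-UK)}},
  title        = {{Alert (AA22-117A) 2021 Top Routinely Exploited Vulnerabilities}},
  date         = {2022-04-27},
  organization = {CISA},
  url          = {https://www.cisa.gov/uscert/ncas/alerts/aa22-117a},
  language     = {English},
  urldate      = {2022-04-29},
}
Alert (AA22-117A) 2021 Top Routinely Exploited Vulnerabilities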
2022-04-20 · CISA · CISA, NSA, FBI, Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security (CCCS), Government Communications Security Bureau, NCSC UK, National Crime Agency (NCA)
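% Joint advisory AA22-110A (PDF hosted by CISA). Every author is an agency, so each name is braced to stop BibTeX splitting it into given/family parts.
@techreport{cisa:20220420:aa22110a:4fde5d6,
  author      = {{CISA} and {NSA} and {FBI} and {Australian Cyber Security Centre (ACSC)} and {Canadian Centre for Cyber Security (CCCS)} and {Government Communications Security Bureau} and {NCSC UK} and {National Crime Agency (NCA)}},
  title       = {{AA22-110A Joint CSA: Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure}},
  date        = {2022-04-20},
  institution = {CISA},
  url         = {https://www.cisa.gov/uscert/sites/default/files/publications/AA22-110A_Joint_CSA_Russian_State-Sponsored_and_Criminal_Cyber_Threats_to_Critical_Infrastructure_4_20_22_Final.pdf},
  language    = {English},
  urldate     = {2022-04-25},
}
AA22-110A Joint CSA: Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure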
VPNFilter BlackEnergy DanaBot DoppelDridex Emotet EternalPetya GoldMax Industroyer Sality SmokeLoader TrickBot Triton Zloader
2022-04-13 · Department of Energy (DOE), NSA, FBI, CISA
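% Joint advisory on APT tooling aimed at ICS/SCADA devices. Every author is an agency, so each name is braced to stop BibTeX splitting it into given/family parts.
% NOTE(review): institution is empty in the source listing, and techreport entries require it. Fill in the publishing body before citing; the PDF is hosted on cisa.gov.
@techreport{doe:20220413:cyber:1dee54e,
  author      = {{Department of Energy (DOE)} and {NSA} and {FBI} and {CISA}},
  title       = {{APT Cyber Tools Targeting ICS/SCADA Devices}},
  date        = {2022-04-13},
  institution = {},
  url         = {https://www.cisa.gov/uscert/sites/default/files/publications/Joint_Cybersecurity_Advisory_APT%20Cyber%20Tools%20Targeting%20ICS%20SCADA%20Devices.pdf},
  language    = {English},
  urldate     = {2022-04-15},
}
APT Cyber Tools Targeting ICS/SCADA Devices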
2022-03-22 · 360 Threat Intelligence Center · 360 Threat Intelligence Center
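% Chinese-language report by 360 Threat Intelligence Center. The organisational author is braced as a single name, and the straight double quotes in the title become TeX quote pairs.
@online{center:20220322:quantum:8629794,
  author       = {{360 Threat Intelligence Center}},
  title        = {{Quantum Attack System – NSA ``APT-C-40'' Hacking Organization High-end Cyber Attack Weapon Technical Analysis Report (I)}},
  date         = {2022-03-22},
  organization = {360 Threat Intelligence Center},
  url          = {https://mp.weixin.qq.com/s/lzf16Fchfv1fMG3IExq7XA},
  language     = {Chinese},
  urldate      = {2022-06-27},
}
Quantum Attack System – NSA "APT-C-40" Hacking Organization High-end Cyber Attack Weapon Technical Analysis Report (I)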
2022-03-03 · NSA · NSA
% NSA technical report on hardening network infrastructure. The single-token author is left as listed.
@techreport{nsa:20220303:network:c5b4b09,
  author      = {NSA},
  title       = {{Network Infrastructure Security Guidance}},
  date        = {2022-03-03},
  institution = {NSA},
  url         = {https://media.defense.gov/2022/Mar/01/2002947139/-1/-1/0/CTR_NSA_NETWORK_INFRASTRUCTURE_SECURITY_GUIDANCE_20220301.PDF},
  language    = {English},
  urldate     = {2022-03-07},
}
Network Infrastructure Security Guidance
2022-02-24 · FBI, CISA, CNMF, NCSC UK, NSA
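% Joint advisory on Iranian government-sponsored cyber operations. Every author is an agency, so each name is braced to stop BibTeX splitting it into given/family parts.
% NOTE(review): institution is empty in the source listing, and techreport entries require it. Fill in the publishing body before citing; the PDF is hosted on cisa.gov.
@techreport{fbi:20220224:iranian:9117e42,
  author      = {{FBI} and {CISA} and {CNMF} and {NCSC UK} and {NSA}},
  title       = {{Iranian Government-Sponsored Actors Conduct Cyber Operations Against Global Government and Commercial Networks}},
  date        = {2022-02-24},
  institution = {},
  url         = {https://www.cisa.gov/uscert/sites/default/files/publications/AA22-055A_Iranian_Government-Sponsored_Actors_Conduct_Cyber_Operations.pdf},
  language    = {English},
  urldate     = {2022-03-01},
}
Iranian Government-Sponsored Actors Conduct Cyber Operations Against Global Government and Commercial Networks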
POWERSTATS PowGoop GRAMDOOR MoriAgent
2022-02-23 · Bleeping Computer · Ionut Ilascu
% Bleeping Computer news article on the Bvp47 Linux backdoor. The author is written in the unambiguous "Family, Given" form.
@online{ilascu:20220223:nsalinked:556c453,
  author       = {Ilascu, Ionut},
  title        = {{NSA-linked Bvp47 Linux backdoor widely undetected for 10 years}},
  date         = {2022-02-23},
  organization = {Bleeping Computer},
  url          = {https://www.bleepingcomputer.com/news/security/nsa-linked-bvp47-linux-backdoor-widely-undetected-for-10-years/},
  language     = {English},
  urldate      = {2022-03-01},
}
NSA-linked Bvp47 Linux backdoor widely undetected for 10 years
Bvp47
2022-02-23 · Pangu Lab · Pangu Lab
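% Pangu Lab web post on the Bvp47 backdoor. The author is an organisation, so the whole name is braced; unbraced it parses as given name "Pangu", family name "Lab".
@online{lab:20220223:bvp47:c8f2a2f,
  author       = {{Pangu Lab}},
  title        = {{The Bvp47 - a Top-tier Backdoor of US NSA Equation Group}},
  date         = {2022-02-23},
  organization = {Pangu Lab},
  url          = {https://www.pangulab.cn/en/post/the_bvp47_a_top-tier_backdoor_of_us_nsa_equation_group/},
  language     = {English},
  urldate      = {2022-03-01},
}
The Bvp47 - a Top-tier Backdoor of US NSA Equation Group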
Bvp47
2022-02-23 · CISA, NCSC UK, FBI, NSA
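% Joint advisory on Cyclops Blink, described in the title as replacing VPNFilter. Every author is an agency, so each name is braced to stop BibTeX splitting it into given/family parts.
% NOTE(review): institution is empty in the source listing, and techreport entries require it. Fill in the publishing body before citing; the PDF is hosted on cisa.gov.
@techreport{cisa:20220223:advisory:56f6379,
  author      = {{CISA} and {NCSC UK} and {FBI} and {NSA}},
  title       = {{Advisory: New Sandworm malware Cyclops Blink replaces VPNFilter}},
  date        = {2022-02-23},
  institution = {},
  url         = {https://www.cisa.gov/uscert/sites/default/files/publications/AA22-054A%20New%20Sandworm%20Malware%20Cyclops%20Blink%20Replaces%20VPN%20Filter.pdf},
  language    = {English},
  urldate     = {2022-02-26},
}
Advisory: New Sandworm malware Cyclops Blink replaces VPNFilter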
VPNFilter
2022-02-22 · Pangu Lab · Pangu Lab
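% Pangu Lab PDF report on the Bvp47 backdoor. The author is an organisation, so the whole name is braced; unbraced it parses as given name "Pangu", family name "Lab".
@techreport{lab:20220222:bvp47:0b9392d,
  author      = {{Pangu Lab}},
  title       = {{Bvp47 - Top-tier Backdoor of US NSA Equation Group}},
  date        = {2022-02-22},
  institution = {Pangu Lab},
  url         = {https://www.pangulab.cn/files/The_Bvp47_a_top-tier_backdoor_of_us_nsa_equation_group.en.pdf},
  language    = {English},
  urldate     = {2022-03-01},
}
Bvp47 - Top-tier Backdoor of US NSA Equation Group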
Bvp47
2022-02-16 · CISA · US-CERT, NSA, FBI
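% Joint alert AA22-047A, published by CISA. Every author is an agency, so each name is braced so BibTeX treats it as one indivisible name.
@online{uscert:20220216:alert:8b4e4d2,
  author       = {{US-CERT} and {NSA} and {FBI}},
  title        = {{Alert (AA22-047A) Russian State-Sponsored Cyber Actors Target Cleared Defense Contractor Networks to Obtain Sensitive U.S. Defense Information and Technology}},
  date         = {2022-02-16},
  organization = {CISA},
  url          = {https://www.cisa.gov/uscert/ncas/alerts/aa22-047a},
  language     = {English},
  urldate      = {2022-02-19},
}
Alert (AA22-047A) Russian State-Sponsored Cyber Actors Target Cleared Defense Contractor Networks to Obtain Sensitive U.S. Defense Information and Technology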
2022-02-09 · CISA · CISA, FBI, NSA, Australian Cyber Security Centre (ACSC), NCSC UK
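% Joint alert AA22-040A on 2021 ransomware trends (PDF hosted by CISA). Every author is an agency, so each name is braced to stop BibTeX splitting it into given/family parts.
@techreport{cisa:20220209:alert:be2567f,
  author      = {{CISA} and {FBI} and {NSA} and {Australian Cyber Security Centre (ACSC)} and {NCSC UK}},
  title       = {{Alert (AA22-040A) 2021 Trends Show Increased Globalized Threat of Ransomware}},
  date        = {2022-02-09},
  institution = {CISA},
  url         = {https://www.cisa.gov/uscert/sites/default/files/publications/AA22-040A_2021_Trends_Show_Increased_Globalized_Threat_of_Ransomware_508.pdf},
  language    = {English},
  urldate     = {2022-04-07},
}
Alert (AA22-040A) 2021 Trends Show Increased Globalized Threat of Ransomware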
2022-02-09 · FBI, NSA, CISA, Australian Cyber Security Centre (ACSC), United Kingdom’s National Cyber Security Centre (NCSC-UK)
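% Joint report on 2021 ransomware trends (PDF hosted on ncsc.gov.uk). Every author is an agency, so each name is braced to stop BibTeX splitting it into given/family parts.
% NOTE(review): institution is empty in the source listing, and techreport entries require it. Fill in the publishing body before citing.
% NOTE(review): same date and near-identical title as cisa:20220209:alert:be2567f; presumably another copy of the same advisory. Confirm before citing both.
@techreport{fbi:20220209:2021:df515ea,
  author      = {{FBI} and {NSA} and {CISA} and {Australian Cyber Security Centre (ACSC)} and {United Kingdom’s National Cyber Security Centre (NCSC-UK)}},
  title       = {{2021 Trends Show Increased Globalized Threat of Ransomware}},
  date        = {2022-02-09},
  institution = {},
  url         = {https://www.ncsc.gov.uk/files/2021%20Trends%20show%20increased%20globalised%20threat%20of%20ransomware.pdf},
  language    = {English},
  urldate     = {2022-04-05},
}
2021 Trends Show Increased Globalized Threat of Ransomware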
2022-01-11 · CISA · CISA, FBI, NSA
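% Joint advisory AA22-011A (PDF hosted by CISA). Every author is an agency, so each name is braced so BibTeX treats it as one indivisible name.
@techreport{cisa:20220111:understanding:aae8b36,
  author      = {{CISA} and {FBI} and {NSA}},
  title       = {{Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure}},
  date        = {2022-01-11},
  institution = {CISA},
  url         = {https://www.cisa.gov/uscert/sites/default/files/publications/AA22-011A_Joint_CSA_Understanding_and_Mitigating%20_Russian_Cyber_Threats_to_US_Critical_Infrastructure_TLP-WHITE_01-10-22_v1.pdf},
  language    = {English},
  urldate     = {2022-04-07},
}
Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure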
2022-01-11 · CISA, FBI, NSA
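% Joint advisory on Russian state-sponsored threats (PDF hosted on media.defense.gov). Agency authors are braced as single names, and the stray space in "State- Sponsored" is removed from the title.
% NOTE(review): institution is empty in the source listing, and techreport entries require it. Fill in the publishing body before citing.
% NOTE(review): same date, authors and title as cisa:20220111:understanding:aae8b36; presumably another copy of the same advisory. Confirm before citing both.
@techreport{cisa:20220111:understanding:07bbdcf,
  author      = {{CISA} and {FBI} and {NSA}},
  title       = {{Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure}},
  date        = {2022-01-11},
  institution = {},
  url         = {https://media.defense.gov/2022/Jan/11/2002919950/-1/-1/1/JOINT_CSA_UNDERSTANDING_MITIGATING_RUSSIAN_CYBER_THREATS_TO_US_CRITICAL_INFRASTRUCTURE_20220111.PDF},
  language    = {English},
  urldate     = {2022-01-18},
}
Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure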
2021-12-30 · Cloudsek · Anandeshwar Unnikrishnan, Isha Tripathi
% Cloudsek analysis of the Khonsari ransomware campaign. Both authors are written in the unambiguous "Family, Given" form.
@online{unnikrishnan:20211230:technical:9a058e7,
  author       = {Unnikrishnan, Anandeshwar and Tripathi, Isha},
  title        = {{Technical Analysis of Khonsari Ransomware Campaign Exploiting the Log4Shell Vulnerability}},
  date         = {2021-12-30},
  organization = {Cloudsek},
  url          = {https://cloudsek.com/technical-analysis-of-khonsari-ransomware-campaign-exploiting-the-log4shell-vulnerability/},
  language     = {English},
  urldate      = {2022-05-25},
}
Technical Analysis of Khonsari Ransomware Campaign Exploiting the Log4Shell Vulnerability
Khonsari