Tag: CISA

BianLian Ransomware Detection: AA23-136A Joint Cybersecurity Advisory Details on TTPs Leveraged by BianLian Operators in the Ongoing Malicious Campaigns
BianLian Ransomware Detection: AA23-136A Joint Cybersecurity Advisory Details on TTPs Leveraged by BianLian Operators in the Ongoing Malicious Campaigns

Following a wave of cyber attacks by the Iran-linked hacking collective tracked as Pioneer Kitten, the FBI, CISA, and authoring partners issue a new alert notifying defenders of a growing threat posed by BianLian Ransomware Group, which primarily targets critical infrastructure organizations in the U.S. and Australia. Detect BianLian Ransomware According to the State of […]

Read More
Detect Brute Force and Credential Access Activity Linked to Iranian Hackers: The FBI, CISA, and Partners Warn Defenders of Growing Attacks Against Critical Infrastructure Organizations
Detect Brute Force and Credential Access Activity Linked to Iranian Hackers: The FBI, CISA, and Partners Warn Defenders of Growing Attacks Against Critical Infrastructure Organizations

At the end of summer, 2024, the FBI, Department of Defense, and CISA issued a joint advisory warning cybersecurity experts of a rise in operations by Iran-affiliated adversaries known as Pioneer Kitten. The U.S. cybersecurity authoring agencies in collaboration with international partners have recently issued another advisory AA24-290A covering the increasing activity of Iranian threat […]

Read More
Unit 29155 Attacks Detection: russia-Affiliated Military Intelligence Division Targets Critical Infrastructure Globally
Unit 29155 Attacks Detection: russia-Affiliated Military Intelligence Division Targets Critical Infrastructure Globally

Notorious russia-affiliated hacking groups are posing daunting challenges to defensive forces, continuously upgrading their adversary TTPs and enhancing detection evasion techniques. Following the full-fledged war outbreak in Ukraine, russia-backed APT collectives are especially active while using the conflict as a testing ground for new malicious approaches. Further, proven methods are leveraged against major targets of […]

Read More
Andariel Attack Detection: FBA, CISA, and Partners Warn of an Increasing Global Cyber-Espionage Campaign Linked to the North Korean State-Sponsored Group
Andariel Attack Detection: FBA, CISA, and Partners Warn of an Increasing Global Cyber-Espionage Campaign Linked to the North Korean State-Sponsored Group

The FBI, CISA, and leading cybersecurity authorities have issued a warning over growing North Korean cyber-espionage operations linked to the nation-backed hacking group tracked as Andariel. The group’s cyber-espionage activity involves the collection of critical data and intellectual property, thereby advancing the regime’s military and nuclear objectives and aspirations. Detecting Andariel Attacks Described in CISA […]

Read More
Akira Ransomware Detection: Joint Cybersecurity Advisory (CSA) AA24-109A Highlights Attacks Targeting Businesses and Critical Infrastructure in North America, Europe, and Australia
Akira Ransomware Detection: Joint Cybersecurity Advisory (CSA) AA24-109A Highlights Attacks Targeting Businesses and Critical Infrastructure in North America, Europe, and Australia

FBI and CISA, in conjunction with the U.S. and leading international cybersecurity agencies, have recently issued a joint advisory AA24-109A warning defenders of a surge in cyber attacks leveraging Akira ransomware. According to investigations, related malicious campaigns have affected 250+ organizations and claimed around $42 million in ransom payments.  Detect Akira Ransomware Attacks Escalating ransomware […]

Read More
CVE-2023-42793 Detection: Large-Scale Exploitation of the JetBrains TeamCity Vulnerability by the russian Foreign Intelligence Service
CVE-2023-42793 Detection: Large-Scale Exploitation of the JetBrains TeamCity Vulnerability by the russian Foreign Intelligence Service

FBI and CISA, in conjunction with U.S. and international cybersecurity authorities, warn the global cyber defender community about large-scale exploitation of CVE-2023-42793, a critical JetBrains TeamCity CVE potentially leading to RCE on the vulnerable instances. The related cybersecurity alert AA23-347A attributes the ongoing cyber-offensive operations to the russian Foreign Intelligence Service (SVR) represented by the […]

Read More
Chinese State-Sponsored Cyber Actor Detection: Joint Cybersecurity Advisory (CSA) AA23-144a Sheds Light on Stealty Activity by Volt Typhoon Targeting U.S. Critical Infrastructure
Chinese State-Sponsored Cyber Actor Detection: Joint Cybersecurity Advisory (CSA) AA23-144a Sheds Light on Stealty Activity by Volt Typhoon Targeting U.S. Critical Infrastructure

For years, China has been launching offensive operations aimed at collecting intelligence and gathering sensitive data from U.S. and global organizations in multiple industries, with attacks frequently related to nation-backed APT groups, like Mustang Panda or APT41. On May 24, 2023, NSA, CISA, and FBA, in conjunction with other U.S. and international authoring agencies, issued […]

Read More
Snake Malware Detection: Cyber-Espionage Implant Leveraged by russia-Affiliated Turla APT in a Long-Lasting Campaign Against NATO Countries
Snake Malware Detection: Cyber-Espionage Implant Leveraged by russia-Affiliated Turla APT in a Long-Lasting Campaign Against NATO Countries

On May 9, 2023, the U.S. Department of Justice revealed the details of a joint operation dubbed MEDUSA that resulted in the disruption of the Snake cyber-espionage implant infrastructure actively leveraged to target 50+ countries in North America, Europe, and Africa.  First emerging in 2003, the malicious tool has been used by the Turla group, […]

Read More