Newsroom

 

• IRANIAN STATE ACTORS CONDUCT CYBER OPERATIONS AGAINST THE GOVERNMENT OF ALBANIA 
  • This joint Cybersecurity Advisory details Iranian State Actors Conduct Cyber Operations Against the Government of Albania. CISA and the Federal Bureau of Investigation urge network defenders to examine their current cybersecurity posture and apply the recommended mitigations in this advisory.
• IRANIAN ISLAMIC REVOLUTIONARY GUARD CORPS-AFFILIATED CYBER ACTORS EXPLOIT VULNERABILITIES FOR RANSOM OPERATIONS
  • This joint Cybersecurity Advisory details Iranian Islamic Revolutionary Guard Corps-affiliated cyber actors exploiting vulnerabilities for data extortion and disk encryption for ransom operations. CISA, the Federal Bureau of Investigation, National Security Agency, U.S. Cyber Command - Cyber National Mission Force (CNMF), Department of the Treasury, Australian Cyber Security Centre, Canadian Centre for Cyber Security, and United Kingdom’s National Cyber Security Centre urge network defenders to examine their current cybersecurity posture and apply the recommended mitigations in this advisory.
• JOINT ADVISORY DETAILS VICE SOCIETY RANSOMWARE ATTACK TECHNIQUES, OFFERS MITIGATION
  • The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released a joint Cybersecurity Advisory on Vice Society actors disproportionately targeting the education sector with ransomware attacks as recently as September 2022.
• JOINT CYBERSECURITY ADVISORY: ZEPPELIN RANSOMWARE  
  • The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) released a joint Cybersecurity Advisory (CSA) on Zeppelin ransomware which has been identified through FBI investigations as recently as April 2022.
• CISA AND ACSC RELEASE TOP 2021 MALWARE STRAINS
  • The Cybersecurity and Infrastructure Security Agency (CISA) and the Australian Cyber Security Centre (ACSC) published a Cybersecurity Advisory (CSA) that provides details on the 2021 top malware strains used by malicious cyber actors to covertly compromise and then gain unauthorized access to a computer or mobile device. The top malware strains in 2021 include remote access Trojans (RATs), banking Trojans, information stealers, and ransomware. Read the advisory to learn how to detect and protect against these and other cyber threats.
• NORTH KOREAN STATE-SPONSORED CYBER ACTORS USE MAUI RANSOMWARE TO TARGET THE HEALTHCARE AND PUBLIC HEALTH SECTOR
  • This joint Cybersecurity Advisory (CSA) from CISA, FBI, and the U.S. Department of Treasury provides information on Maui ransomware, which has been used by North Korean state-sponsored cyber actors since at least May 2021 to target Healthcare and Public Health (HPH) Sector organizations. Learn about the tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) of this threat.
• JOINT ADVISORY DETAILS MEDUSALOCKER RANSOMWARE CYBER THREAT
  • Malicious actors have used MedusaLocker ransomware in attacks as recently as May 2022. The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Department of the Treasury, and the Financial Crimes Enforcement Network (FinCEN) have released recommended actions, mitigations, and resources for organizations to use to protect against and respond to this cyber threat.
• CISA AND FBI URGE ORGANIZATIONS TO REMAIN VIGILANT TO RANSOMWARE THREATS ON HOLIDAYS, INCLUDING THIS LABOR DAY
  • Cyber actors have conducted increasingly impactful attacks against U.S. entities on or around holiday weekends over the last several months this year. The FBI and CISA encourage all entities to examine their current cybersecurity posture and implement the recommended best practices and mitigations to manage the risk posed by all cyber threats, including ransomware.
• COORDINATED ACTION CUTS OFF ACCESS TO VPN SERVICE USED BY RANSOMWARE GROUPS
  • Law enforcement and judicial authorities in Europe, the U.S., and Canada seized the web domains and server infrastructure of DoubleVPN. This is a virtual private network (VPN) service which provided a safe haven for cybercriminals to attack their victims. 
• STATEMENT FROM CISA ACTING DIRECTOR WALES ON EXECUTIVE ORDER TO IMPROVE THE NATION’S CYBERSECURITY AND PROTECT FEDERAL NETWORKS
  • After President Biden signed an executive order to improve the nation’s cybersecurity and protect federal government networks, Brandon Wales, Acting Director if the Cybersecurity and Infrastructure Security Agency (CISA) released a statement about the importance of this step forward after the recent ransomware attacks on the Colonial Pipeline.
• CISA AND CYBER.ORG PARTNER TO DELIVER CYBER SAFETY VIDEO SERIES
  • The Cybersecurity and Infrastructure Security Agency (CISA) and CYBER.ORG jointly announce a cyber safety video series to help those learning or working online take proactive steps to protect themselves and their business. The video series currently includes five videos that provide easy to understand cybersecurity concepts which include tips to avoid becoming a victim of a ransomware attack.
• CISA LAUNCHES CAMPAIGN TO REDUCE THE RISK OF RANSOMWARE
  • The Cybersecurity and Infrastructure Security Agency (CISA) announces the Reduce the Risk of Ransomware Campaign, a focused, coordinated, and sustained effort to encourage public and private sector organizations to implement best practices, tools and resources that can help them mitigate this cybersecurity risk and threat.
• CISA AND MS-ISAC RELEASE JOINT RANSOMWARE GUIDE
  • The Cybersecurity and Infrastructure Security Agency (CISA) and Multi-State Information Sharing and Analysis Center (MS-ISAC) are releasing a joint Ransomware Guide meant to be a one-stop resource for stakeholders on how to be proactive and prevent these attacks from happening and also a detailed approach on how to respond to an attack and best resolve the cyber incident.
• ROMANIAN WOMAN PLEADS GUILTY TO FEDERAL CHARGES IN HACKING OF METROPOLITAN POLICE DEPARTMENT SURVEILLANCE CAMERAS
  • A Romanian woman pleaded guilty to federal charges stemming from her role in a conspiracy to illegally access approximately126 computers associated with Metropolitan Police Department (MPD) surveillance cameras, and to use those computers in connection with a scheme to distribute ransomware in January 2017.
• ATLANTA U.S. ATTORNEY CHARGES IRANIAN NATIONALS FOR CITY OF ATLANTA RANSOMWARE ATTACK
  • Iraninian nationals were charged with committing a sophisticated ransomware attack on the City of Atlanta in violation of the Computer Fraud and Abuse Act.
• RUSSIAN NATIONAL AND BITCOIN EXCHANGE CHARGED IN 21-COUNT INDICTMENT FOR OPERATING ALLEGED INTERNATIONAL MONEY LAUNDERING SCHEME AND ALLEGEDLY LAUNDERING FUNDS FROM HACK OF MT. GOX
  • A Russian national and organization BTC-e were indicted by a grand jury in Northern California for operating an unlicensed money service business, money laundering and related crimes. BTC-e was noted for its role in numerous ransomware and other cyber criminal activity, according to Special Agent in Charge of the USSS Criminal Investigative Division Michael D’Ambrosio.
• TWO ROMANIAN SUSPECTS CHARGED WITH HACKING OF METROPOLITAN POLICE DEPARTMENT SURVEILLANCE CAMERAS IN CONNECTION WITH RANSOMWARE SCHEME
  • A criminal complaint and arrest warrants were unsealed charging two Romanian nationals with a conspiracy to illegally access approximately 123 computers associated with Metropolitan Police Department (MPD) surveillance cameras and to use those computers in connection with a scheme to distribute ransomware in January 2017.