From October 2018 to July 2019, the FBI identified unknown cyber actors attempting to exploit multiple US cleared defense contractor (CDC) websites with two types of SQL injection attacks in an effort to steal database data. These methods of attack are likely indicative of…
The FBI has recently observed brute force attempts against Office 365 accounts of US cleared defense contractors (CDCs). If accounts are successfully compromised, actors can conduct activities such as monitoring traffic, creating other accounts, or moving laterally across a company…
The FBI has observed cyber actors circumventing multi-factor authentication through common social engineering and technical attacks. This PIN explains these methods and offers mitigation strategies for organizations and entities using multi-factor authentication in their security…
Between 7 April and 7 May 2019, three US cities were victims of RobbinHood Ransomware attacks. These attacks represent the first observed instances of RobbinHood Ransomware in the United States. RobbinHood encrypts the files on the victim’s network using RSA-4096, an asymmetric…
Unknown cybercriminals have targeted more than 100 US and international businesses with Ryuk ransomware since approximately August 2018. Ryuk encrypts files on network shares and an infected computer’s filesystem. Once the victim has been compromised, the actors encrypt all the network’s files and…
April 8, the US Government designated Iran’s IRGC as a Foreign Terrorist Organization (FTO) under section 219 of the Immigration and Nationality Act.
Throughout 2018 and 2019, malicious cyber actors used desktop sharing software to facilitate a range of network intrusion activities, using both authorized and unauthorized installations to gain control of victim systems and access to otherwise inaccessible files. Desktop sharing…
Yesterday, the US Government designated Iran’s IRGC as a Foreign Terrorist Organization (FTO) under section 219 of the Immigration and Nationality Act.