CERT alerts

A collection of 97 posts

CERT alerts

Information about Spear Fishing campaign targeting the Mongolian government

FireEye recently observed a sophisticated campaign targeting individuals within the Mongolian government. Targeted individuals that enabled macros in a malicious Microsoft Word document may have been infected with Poison Ivy

CERT alerts

Information about Shamoon 2 malware

IBM analysts recently unveiled a first look at how threat actors may have placed Shamoon2 malware on systems in Saudi Arabia.

CERT alerts

Information about Lazarus FalseFlag Malware

We continue to investigate the recent wave of attacks on banks using watering-holes on at least two financial regulator websites as well as others. Our initial analysis of malware disclosed in the BadCyber blog hinted at the involvement of the 'Lazarus' threat actor.

CERT alerts

Information about ChChes malware

Since around October 2016, JPCERT/CC has been confirming emails that are sent to Japanese organisations with a ZIP file attachment containing executable files. The targeted emails, which impersonate existing persons, are sent from free email address services available in Japan.

CERT alerts

Information about attack against soldiers of Israeli Defense Force compromising their devices with Android OS

Around July last year, more than a 100 Israeli servicemen were hit by a cunning threat actor. The attack compromised their devices and exfiltrated data to the attackers’ command and control server.

CERT alerts

Information about ViperRat: a mobile APT

ViperRAT is an active, advanced persistent threat (APT) that sophisticated threat actors are actively using to target and spy on the Israeli Defense Force.

CERT alerts

Information about operation BugDrop targeting Ukrainian organizations

CyberX has discovered a new, large-scale cyber-reconnaissance operation targeting a broad range of targets in the Ukraine.

CERT alerts

Information about Shamoon attacks (affected government and civil organizations across Gulf states)

Researchers from the IBM X-Force Incident Response and Intelligence Services (IRIS) team identified a missing link in the operations of a threat actor involved in recent Shamoon malware attacks against Gulf state organizations.

CERT alerts

Information about PuppyRAT malware

SecureWorks® Counter Threat Unit™ (CTU) researchers analyzed a phishing campaign that targeted a Middle Eastern organization in early January 2017. Some of messages were sent from legitimate email addresses belonging to several Middle Eastern organizations.

CERT alerts

Information about Magic Hound campaign attacks Saudi targets

Unit 42 has discovered a persistent attack campaign operating primarily in the Middle East dating back to at least mid-2016 which we have named Magic Hound.

CERT alerts

Information about a series of attacks directed at Polish financial institutions

On 3rd February 2017, researchers at badcyber.com released an article that detailed a series of attacks directed at Polish financial institutions.

CERT alerts

Information about cyber attack targeting Indian Navy’s submarine and warship manufacturer

On 26th January, 2017 Indian Navy displayed its state-of-the-art stealth guided missile destroyer INS Chennai and the indigenously-made Kalvari class Scorpene submarines at the Republic Day parade showcasing India’s military strength and achievements.

CERT alerts

An analysis of GRIZZLY STEPPE activity

The Department of Homeland Security (DHS) and Communications Integration Center (NCCIC) has collaborated with interagency partners and private-industry stakeholders to provide an Analytical Report (AR) with recommendations to detect and mitigate threats from GRIZZLY STEPPE actors.

CERT alerts

Information about hacking several Polish Banks

Polish banks are frantically scanning their workstations and servers while checking logs in the search of signs of infection after some of them noticed unusual network activity and unauthorised files on key machines within their networks.

CERT alerts

A paper about KINGSLAYER – a supply chain attack

In the course of this tactical hunt for unidentified code, RSA discovered a sophisticated attack on a software supply-chain involving a Trojan inserted in otherwise legitimate software; software that is typically used by enterprise system administrators.

CERT alerts

Information about Nile Phish phishing campaign against Egyptian civil society

This report describes Nile Phish, an ongoing and extensive phishing campaign against Egyptian civil society. In recent years, Egypt has witnessed what is widely described as an “unprecedented crackdown,” on both civil society and dissent.

CERT alerts

This document provides prescriptive guidance for establishing a secure configuration posture for Microsoft Windows 7.

This document provides prescriptive guidance for establishing a secure configuration posture for Microsoft Windows 7.

CERT alerts

This document provides prescriptive guidance for establishing a secure configuration posture for Microsoft Windows 8.1.

This document provides prescriptive guidance for establishing a secure configuration posture for Microsoft Windows 8.1.

CERT alerts

This document provides prescriptive guidance for establishing a secure configuration posture for Microsoft Windows 10 Enterprise Release.

This document provides prescriptive guidance for establishing a secure configuration posture for Microsoft Windows 10 Enterprise Release 1511.

CERT alerts

Infomation about spear phishing attack against Indian Embassies and Ministry of external affairs

This blog post describes another attack campaign where attackers used the Uri terror attack and Kashmir protest themed spear phishing emails to target officials in the Indian Embassies and Indian Ministry of External Affairs (MEA).

CERT alerts

Russian Nation State Targeting of Government and Military Interests

The tr1adx team performs on-going research into Threat Actors, irrespective of their motivation, provenance, or targets. tr1adx Intelligence Bulletin #00003 shares intel on Russian Nation State Cyber Activity targeting Government and Military interests around the world.

CERT alerts

Information about a campaign targeting the World Anti Doping Agency (WADA)

The tr1adx team identified what we believe to be a new campaign, which we assess to be attributed to the Russian Nation State Threat Actor APT28 (a.k.a. Fancy Bear), yet again targeting the World Anti-Doping Agency (WADA) .

CERT alerts

A paper about APT28 targeting and intrusion activity

On December 29, 2016, the Department of Homeland Security (DHS) and Federal Bureau of Investigation (FBI) released a Joint Analysis Report confirming FireEye’s long held public assessment that the Russian Government sponsors APT28.

CERT alerts

Iranian threat agent targeting other countries.

Iranian threat agent OilRig has been targeting multiple organisations in Israel and other countries in the Middle East since the end of 2015. In recent attacks they set up a fake VPN Web Portal and targeted at least five Israeli IT vendors, several financial institutes, and the Israeli Post Office.

CERT alerts

A paper about foreign cyber threats to the United States

The order of the topics presented in this statement does not necessarily indicate the relative importance or magnitude of the threat in the view of the Intelligence Community.