
CISA Cybersecurity Alerts

Technology News Government

Episodes

CISA Alert AA23-165A – Understanding Ransomware Threat Actors: LockBit.

15 Jun 2023

Contributed by Lukas

CISA, FBI, the MS-ISAC, and international partners are releasing this Cybersecurity Advisory to detail LockBit ransomware incidents and provide recomm...

CISA Alert AA23-158A – #StopRansomware: CL0P Ransomware Gang Exploits CVE-2023-34362 MOVEit Vulnerability.

09 Jun 2023

Contributed by Lukas

FBI and CISA are releasing this joint CSA to disseminate known CL0P ransomware IOCs and TTPs identified through FBI investigations as recently as June...

CISA Alert AA23-144A – People's Republic of China state-sponsored cyber actor living off the land to evade detection.

25 May 2023

Contributed by Lukas

Cybersecurity authorities are issuing this joint Cybersecurity Advisory to highlight a recent cluster of activity associated with a People’s Republi...

CISA Alert AA23-136A – #StopRansomware: BianLian Ransomware Group.

18 May 2023

Contributed by Lukas

FBI, CISA, and the Australian Cyber Security Centre are releasing this joint Cybersecurity Advisory to disseminate known BianLian ransomware and data ...

CISA Alert AA23-131A – Malicious Actors Exploit CVE-2023-27350 in PaperCut MF and NG.

12 May 2023

Contributed by Lukas

FBI and CISA are releasing this joint Cybersecurity Advisory in response to the active exploitation of CVE-2023-27350. This vulnerability occurs in ce...

CISA Alert AA23-129A – Hunting Russian intelligence “Snake” malware.

11 May 2023

Contributed by Lukas

The Snake implant is considered the most sophisticated cyber espionage tool designed and used by Center 16 of Russia’s Federal Security Service, or ...

CISA Alert AA23-108A – APT28 exploits known vulnerability to carry out reconnaissance and deploy malware on Cisco routers.

20 Apr 2023

Contributed by Lukas

The UK National Cyber Security Centre (NCSC), NSA, CISA, and FBI are releasing this joint advisory to provide TTPs associated with APT28’s exploitat...

CISA Alert AA23-075A – #StopRansomware: LockBit 3.0.

18 Mar 2023

Contributed by Lukas

CISA, FBI, and the Multi-State Information Sharing and Analysis Center are releasing this joint advisory to share known LockBit 3.0 ransomware IOCs an...

CISA Alert AA23-074A – Threat actors exploit Progress Telerik vulnerability in U.S. government IIS server.

16 Mar 2023

Contributed by Lukas

CISA, FBI, and the Multi-State Information Sharing and Analysis Center are releasing this joint Cybersecurity Advisory to provide IT infrastructure de...

CISA Alert AA23-061A – #StopRansomware: Royal ransomware.

03 Mar 2023

Contributed by Lukas

CISA and FBI are releasing this joint advisory to disseminate known Royal ransomware IOCs and TTPs identified through recent FBI threat response activ...

CISA Alert AA23-059A – CISA red team shares key findings to improve monitoring and hardening of networks.

03 Mar 2023

Contributed by Lukas

The Cybersecurity and Infrastructure Security Agency is releasing this Cybersecurity Advisory detailing activity and key findings from a recent CISA r...

CISA Alert AA23-040A – #StopRansomware: ransomware attacks on critical infrastructure fund DPRK malicious cyber activities.

10 Feb 2023

Contributed by Lukas

CISA, NSA, FBI, the US Department of Health and Human Services, the Republic of Korea National Intelligence Service, and the Republic of Korea Defense...

CISA Alert AA23-039A – ESXiArgs ransomware virtual machine recovery guidance.

09 Feb 2023

Contributed by Lukas

CISA and the FBI are releasing this alert in response to the ongoing ransomware campaign, known as “ESXiArgs.” Malicious actors are exploiting kno...

CISA Alert AA23-025A – Protecting against malicious use of remote monitoring and management software

26 Jan 2023

Contributed by Lukas

CISA, NSA, and the MS-ISAC are releasing this alert to warn network defenders about malicious use of legitimate remote monitoring and management softw...

CISA Alert AA22-335A – #StopRansomware: Cuba Ransomware

07 Dec 2022

Contributed by Lukas

The FBI and CISA are releasing this alert to disseminate known Cuba Ransomware Group indicators of compromise and TTPs identified through FBI investig...

CISA Alert AA22-321A – #StopRansomware: Hive Ransomware.

18 Nov 2022

Contributed by Lukas

The FBI, CISA, and the Department of Health and Human Services are releasing this alert to disseminate known Hive Ransomware Group indicators of compr...

CISA Alert AA22-320A – Iranian government-sponsored APT actors compromise federal network, deploy crypto miner, credential harvester.

16 Nov 2022

Contributed by Lukas

From mid-June through mid-July 2022, CISA conducted an incident response engagement at a Federal Civilian Executive Branch organization where CISA obs...

CISA Alert AA22-294A – #StopRansomware: Daixin Team.

24 Oct 2022

Contributed by Lukas

FBI, CISA, and Department of Health and Human Services are releasing this joint advisory to provide information on the Daixin Team, a cybercrime group...

CISA Alert AA22-279A – Top CVEs actively exploited by People’s Republic of China state-sponsored cyber actors.

07 Oct 2022

Contributed by Lukas

This joint Cybersecurity Advisory provides the top CVEs used by the People’s Republic of China state-sponsored cyber actors. PRC cyber actors contin...

CISA Alert AA22-277A – Impacket and exfiltration tool used to steal sensitive information from defense industrial base organization.

04 Oct 2022

Contributed by Lukas

From November 2021 through January 2022, CISA responded to APT activity against a Defense Industrial Base organization’s enterprise network. Dur...

CISA Alert AA22-265A – Control system defense: know the opponent.

22 Sep 2022

Contributed by Lukas

This alert builds on previous NSA and CISA guidance to stop malicious ICS activity and reduce OT exposure. The alert documentation linked in the show ...

CISA Alert AA22-264A – Iranian state actors conduct cyber operations against the government of Albania.

22 Sep 2022

Contributed by Lukas

In July 2022, Iranian state cyber actors—identifying as “HomeLand Justice”—launched a destructive cyber attack against the Government of Alban...

CISA Alert AA22-257A – Iranian Islamic Revolutionary Guard Corps-Affiliated Cyber Actors Exploiting Vulnerabilities for Data Extortion and Disk Encryption for Ransom Operations.

15 Sep 2022

Contributed by Lukas

This joint Cybersecurity Advisory highlights continued malicious cyber activity by advanced persistent threat actors affiliated with the Iranian Gover...

CISA Alert AA22-249A – #StopRansomware: Vice Society.

06 Sep 2022

Contributed by Lukas

CISA, the FBI, and the Multi-State Information Sharing and Analysis Center, or MS ISAC, are releasing this advisory to disseminate indicators of compr...

CISA Alert AA22-228A – Threat actors exploiting multiple CVEs against Zimbra Collaboration suite.

17 Aug 2022

Contributed by Lukas

CISA and the Multi-State Information Sharing & Analysis Center, or MS-ISAC, are publishing this joint Cybersecurity Advisory in response to active expl...

CISA Alert AA22-223A – #StopRansomware: Zeppelin Ransomware.

11 Aug 2022

Contributed by Lukas

Zeppelin ransomware functions as a ransomware-as-a-service (RaaS), and since 2019, actors have used this malware to target a wide range of businesses ...

CISA Alert AA22-216A – 2021 top malware strains.

04 Aug 2022

Contributed by Lukas

This joint Cybersecurity Advisory was coauthored by CISA and the Australian Cyber Security Centre, or ACSC. This advisory provides details on the top ...

Update 1 to CISA Alert AA22-174A – Malicious cyber actors continue to exploit Log4Shell in VMware Horizon systems.

18 Jul 2022

Contributed by Lukas

CISA and the US Coast Guard Cyber Command are releasing this joint Cybersecurity Advisory to warn network defenders that cyber threat actors, includin...

CISA Alert AA22-187A – North Korean state-sponsored cyber actors use Maui ransomware to target the healthcare and public health sector.

06 Jul 2022

Contributed by Lukas

The FBI, CISA, and the Department of the Treasury are releasing this joint Cybersecurity Advisory to provide information on Maui ransomware, which has...

CISA Alert AA22-181A – #StopRansomware: MedusaLocker.

30 Jun 2022

Contributed by Lukas

CISA, the FBI, the Department of the Treasury, and the Financial Crimes Enforcement Network are releasing this alert to provide information on MedusaL...

CISA Alert AA22-174A – Malicious cyber actors continue to exploit Log4Shell in VMware Horizon systems.

24 Jun 2022

Contributed by Lukas

CISA and the US Coast Guard Cyber Command are releasing this joint Cybersecurity Advisory to warn network defenders that cyber threat actors, includin...

CISA Alert AA22-158A – People’s Republic of China state-sponsored cyber actors exploit network providers and devices.

08 Jun 2022

Contributed by Lukas

This joint Cybersecurity Advisory describes the ways in which People’s Republic of China state-sponsored cyber actors continue to exploit publicly k...

Update 1 to CISA Alert AA22-138B – Threat actors chaining unpatched VMware vulnerabilities for full system control.

08 Jun 2022

Contributed by Lukas

Malicious cyber actors are exploiting multiple critical vulnerabilities in VMware products. Successful exploitation permits malicious actors to trigge...

CISA Alert AA22-152A – Karakurt data extortion group.

01 Jun 2022

Contributed by Lukas

The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Department of the Treasury (Treasury), and...

CISA Alert AA22-138B – Threat actors chaining unpatched VMware vulnerabilities for full system control.

20 May 2022

Contributed by Lukas

CISA is releasing this cybersecurity advisory to warn organizations that malicious cyber actors are exploiting CVE-2022-22954 and CVE-2022-22960. Thes...

CISA Alert AA22-138A – Threat Actors Exploiting F5 BIG-IP CVE-2022-1388.

19 May 2022

Contributed by Lukas

CISA and the Multi-State Information Sharing & Analysis Center (MS-ISAC) are releasing this joint Cybersecurity Advisory in response to active exploi...

CISA Alert AA22-137A – Weak security controls and practices routinely exploited for initial access.

17 May 2022

Contributed by Lukas

This joint cybersecurity advisory was coauthored by the cybersecurity authorities of the US, Canada, New Zealand, the Netherlands, and the UK. Cyber a...

CISA Alert AA22-131A – Protecting against cyber threats to managed service providers and their customers.

12 May 2022

Contributed by Lukas

The cybersecurity authorities of the UK, Australia, Canada, New Zealand, and the US have observed a recent increase in malicious cyber activity agains...

Update 1 to CISA Alert AA22-076A – Strengthening cybersecurity of SATCOM network providers and customers.

10 May 2022

Contributed by Lukas

The US government attributes cyberattacks on satellite communication (SATCOM) networks to Russian state-sponsored malicious cyber actors. The FBI and ...

CISA Alert AA22-117A – 2021 top routinely exploited vulnerabilities.

27 Apr 2022

Contributed by Lukas

This joint Cybersecurity Advisory was coauthored by cybersecurity authorities of the US, Australia, Canada, New Zealand, and the UK. This advisory pro...

CISA Alert AA22-110A – Russian state-sponsored and criminal cyber threats to critical infrastructure.

20 Apr 2022

Contributed by Lukas

The allied cybersecurity authorities of the United States, Australia, Canada, New Zealand, and the United Kingdom are releasing this joint Cybersecuri...

CISA Alert AA22-108A – TraderTraitor: North Korean state-sponsored APT targets blockchain companies.

18 Apr 2022

Contributed by Lukas

This joint Cybersecurity Advisory highlights the cyber threat associated with cryptocurrency thefts and tactics used by a North Korean state-sponsored...

CISA Alert AA22-103A – APT Cyber Tools Targeting ICS/SCADA Devices.

13 Apr 2022

Contributed by Lukas

The DOE, CISA, NSA, and the FBI are releasing this joint Cybersecurity Advisory to warn that certain APT actors have demonstrated the ability to gain ...

CISA Alert AA22-076A – Strengthening Cybersecurity of SATCOM Network Providers and Customers.

31 Mar 2022

Contributed by Lukas

The FBI and CISA are aware of possible threats to U.S. and international satellite communication (SATCOM) networks. Successful intrusions into SATCOM ...

CISA Alert AA22-074A – Russian state-sponsored cyber actors gain network access by exploiting default MFA protocols and “PrintNightmare” vulnerability.

31 Mar 2022

Contributed by Lukas

The FBI and CISA are releasing this joint Cybersecurity Advisory to warn organizations that Russian state-sponsored cyber actors have gained network a...

CISA Alert AA22-057A – Destructive malware targeting organizations in Ukraine.

31 Mar 2022

Contributed by Lukas

This Joint Cybersecurity Advisory between CISA and the FBI provides technical information on WhisperGate and HermeticWiper malware as well as open-sou...

CISA Alert AA22-083A – TTPs of Indicted State-Sponsored Russian Cyber Actors Targeting the Energy Sector.

31 Mar 2022

Contributed by Lukas

This joint Cybersecurity Advisory provides information on multiple intrusion campaigns conducted by state-sponsored Russian cyber actors from 2011 to ...

CISA Alert AA22-055A – Iranian government-sponsored actors conduct cyber operations against global government and commercial networks.

24 Feb 2022

Contributed by Lukas

The FBI, CISA, US Cyber Command Cyber National Mission Force, and the United Kingdom’s National Cyber Security Centre have observed a group of Irani...

CISA Alert AA22-054A – New Sandworm malware “Cyclops Blink” replaces VPNFilter.

23 Feb 2022

Contributed by Lukas

CISA, the UK’s National Cyber Security Centre (NCSC), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) have identif...

CISA Alert AA22-047A – Russian state-sponsored cyber actors target cleared defense contractor networks to obtain sensitive US defense information and technology.

16 Feb 2022

Contributed by Lukas

CISA, the FBI, and NSA have observed Russian state-sponsored cyber actors regularly target US cleared defense contractors from at least January 2020 t...

CISA Alert AA22-040A – 2021 trends show increased globalized threat of ransomware.

09 Feb 2022

Contributed by Lukas

In 2021, cybersecurity authorities in the United States, Australia, and the United Kingdom observed an increase in sophisticated, high-impact ransomwa...

CISA Cybersecurity Alerts - Trailer

01 Feb 2022

Contributed by Lukas

Flash cybersecurity advisories from the US Government. These alerts provide timely technical and operational information, indicators of compromise, an...