December 2020
Title
AA20-352A: Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations
Published
Dec. 17, 2020, 4 p.m.
Summary
Original release date: December 17, 2020 | Last revised: January 7, 2021

Summary

The Cybersecurity and Infrastructure Security Agency (CISA) is aware of compromises of U.S. government agencies, critical infrastructure entities, and private sector organizations by an advanced persistent threat (APT) actor beginning in at least March 2020. This APT actor has ...
Title
AA20-345A: Cyber Actors Target K-12 Distance Learning Education to Cause Disruptions and Steal Data
Published
Dec. 10, 2020, 6 p.m.
Summary
Original release date: December 10, 2020

Summary

This Joint Cybersecurity Advisory was coauthored by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC). The FBI, CISA, and MS-ISAC assess malicious cyber actors are targeting kindergarten through twelfth grade (K-12) ...
Title
AA20-336A: Advanced Persistent Threat Actors Targeting U.S. Think Tanks
Published
Dec. 1, 2020, 7 p.m.
Summary
Original release date: December 1, 2020

Summary

This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques.

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have ...

October 2020
Title
AA20-304A: Iranian Advanced Persistent Threat Actor Identified Obtaining Voter Registration Data
Published
Oct. 30, 2020, 7:11 p.m.
Summary
Original release date: October 30, 2020 | Last revised: November 3, 2020

Summary

This advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) version 8 framework. See the ATT&CK for Enterprise version 8 for all referenced threat actor techniques. This joint cybersecurity advisory was coauthored by the Cybersecurity and Infrastructure ...
Title
AA20-302A: Ransomware Activity Targeting the Healthcare and Public Health Sector
Published
Oct. 29, 2020, 12:07 a.m.
Summary
Original release date: October 28, 2020 | Last revised: November 2, 2020

Summary

This advisory was updated to include information on Conti, TrickBot, and BazarLoader, including new IOCs and Yara Rules for detection. This advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) version 7 framework. See the ATT&CK for ...
Title
AA20-301A: North Korean Advanced Persistent Threat Focus: Kimsuky
Published
Oct. 27, 2020, 6 p.m.
Summary
Original release date: October 27, 2020

Summary

This advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) version 7 framework. See the ATT&CK for Enterprise version 7 for all referenced threat actor tactics and techniques. This joint cybersecurity advisory was coauthored by the Cybersecurity and Infrastructure Security Agency (CISA), the ...
Title
AA20-296B: Iranian Advanced Persistent Threat Actors Threaten Election-Related Systems
Published
Oct. 22, 2020, 6 p.m.
Summary
Original release date: October 22, 2020

Summary

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) are warning that Iranian advanced persistent threat (APT) actors are likely intent on influencing and interfering with the U.S. elections to sow discord among voters and undermine public confidence in the ...
Title
AA20-296A: Russian State-Sponsored Advanced Persistent Threat Actor Compromises U.S. Government Targets
Published
Oct. 22, 2020, 2:44 p.m.
Summary
Original release date: October 22, 2020

Summary

This joint cybersecurity advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor tactics and techniques. This joint cybersecurity advisory—written by the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure ...
Title
AA20-283A: APT Actors Chaining Vulnerabilities Against SLTT, Critical Infrastructure, and Elections Organizations
Published
Oct. 9, 2020, 10:21 p.m.
Summary
Original release date: October 9, 2020 | Last revised: October 24, 2020

Summary

This joint cybersecurity advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques. Note: the analysis in this joint cybersecurity advisory is ongoing, and the ...
Title
AA20-280A: Emotet Malware
Published
Oct. 6, 2020, 7 p.m.
Summary
Original release date: October 6, 2020

Summary

This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques. This product was written by the Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing & Analysis Center ...
Title
AA20-275A: Potential for China Cyber Response to Heightened U.S.–China Tensions
Published
Oct. 1, 2020, 6 p.m.
Summary
Original release date: October 1, 2020

Summary

This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques. In light of heightened tensions between the United States and China, the Cybersecurity and Infrastructure Security Agency (CISA) is providing ...
September 2020
Title
AA20-266A: LokiBot Malware
Published
Sept. 22, 2020, 5 p.m.
Summary
Original release date: September 22, 2020 | Last revised: September 23, 2020

Summary

This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise frameworks for all referenced threat actor techniques. This product was written by the Cybersecurity and Infrastructure Security Agency (CISA) with contributions ...
Title
AA20-259A: Iran-Based Threat Actor Exploits VPN Vulnerabilities
Published
Sept. 15, 2020, 6 p.m.
Summary
Original release date: September 15, 2020

Summary

This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques. This product was written by the Cybersecurity and Infrastructure Security Agency (CISA) with contributions from the Federal Bureau of Investigation ...
Title
AA20-258A: Chinese Ministry of State Security-Affiliated Cyber Threat Actor Activity
Published
Sept. 14, 2020, 3 p.m.
Summary
Original release date: September 14, 2020

Summary

The Cybersecurity and Infrastructure Security Agency (CISA) has consistently observed Chinese Ministry of State Security (MSS)-affiliated cyber threat actors using publicly available information sources and common, well-known tactics, techniques, and procedures (TTPs) to target U.S. Government agencies. CISA has observed these—and other threat actors with ...
Title
AA20-245A: Technical Approaches to Uncovering and Remediating Malicious Activity
Published
Sept. 1, 2020, 2:30 p.m.
Summary
Original release date: September 1, 2020 | Last revised: September 24, 2020

Summary

This joint advisory is the result of a collaborative research effort by the cybersecurity authorities of five nations: Australia,[1] Canada,[2] New Zealand,[3][4] the United Kingdom,[5] and the United States.[6] It highlights technical approaches to uncovering malicious activity and includes ...
August 2020
Title
AA20-239A: FASTCash 2.0: North Korea's BeagleBoyz Robbing Banks
Published
Aug. 26, 2020, 4:17 p.m.
Summary
Original release date: August 26, 2020 | Last revised: October 1, 2020

Summary

This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques. This joint advisory is the result of analytic efforts among the Cybersecurity and Infrastructure ...
Title
AA20-227A: Phishing Emails Used to Deploy KONNI Malware
Published
Aug. 14, 2020, 2:59 p.m.
Summary
Original release date: August 14, 2020

Summary

This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques. The Cybersecurity and Infrastructure Security Agency (CISA) has observed cyber actors using emails containing a Microsoft Word document with a ...
Title
AA20-225A: Malicious Cyber Actor Spoofing COVID-19 Loan Relief Webpage via Phishing Emails
Published
Aug. 12, 2020, 3:49 p.m.
Summary
Original release date: August 12, 2020 | Last revised: August 14, 2020

Summary

The Cybersecurity and Infrastructure Security Agency (CISA) is currently tracking an unknown malicious cyber actor who is spoofing the Small Business Administration (SBA) COVID-19 loan relief webpage via phishing emails. These emails include a malicious link to the spoofed ...
July 2020
Title
AA20-209A: Potential Legacy Risk from Malware Targeting QNAP NAS Devices
Published
July 27, 2020, 2:20 p.m.
Summary
Original release date: July 27, 2020

Summary

This is a joint alert from the United States Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC). CISA and NCSC are investigating a strain of malware known as QSnatch, which attackers used in late 2019 to target Network ...
Title
AA20-206A: Threat Actor Exploitation of F5 BIG-IP CVE-2020-5902
Published
July 24, 2020, 12:59 p.m.
Summary
Original release date: July 24, 2020

Summary

The Cybersecurity and Infrastructure Security Agency (CISA) is issuing this alert in response to recently disclosed exploits that target F5 BIG-IP devices that are vulnerable to CVE-2020-5902. F5 Networks, Inc. (F5) released a patch for CVE-2020-5902 on June 30, 2020.[1] Unpatched F5 BIG-IP devices are ...
Title
AA20-205A: NSA and CISA Recommend Immediate Actions to Reduce Exposure Across Operational Technologies and Control Systems
Published
July 23, 2020, 4:29 p.m.
Summary
Original release date: July 23, 2020

Summary

Note: This Activity Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise and ATT&CK for Industrial Control Systems frameworks for all referenced threat actor techniques and mitigations. Over recent months, cyber actors have demonstrated their continued willingness ...
Title
AA20-198A: Malicious Cyber Actor Use of Network Tunneling and Spoofing to Obfuscate Geolocation
Published
July 16, 2020, 2:09 p.m.
Summary
Original release date: July 16, 2020

Summary

This Activity Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK™) and Pre-ATT&CK frameworks. See the MITRE ATT&CK for Enterprise and Pre-ATT&CK frameworks for referenced threat actor techniques. Attributing malicious cyber activity that uses network tunneling and spoofing techniques to a specific threat ...
Title
AA20-195A: Critical Vulnerability in SAP NetWeaver AS Java
Published
July 14, 2020, 1:07 a.m.
Summary
Original release date: July 13, 2020

Summary

On July 13, 2020 EST, SAP released a security update to address a critical vulnerability, CVE-2020-6287, affecting the SAP NetWeaver Application Server (AS) Java component LM Configuration Wizard. An unauthenticated attacker can exploit this vulnerability through the Hypertext Transfer Protocol (HTTP) to take control of ...
Title
AA20-183A: Defending Against Malicious Cyber Activity Originating from Tor
Published
July 2, 2020, 3 a.m.
Summary
Original release date: July 1, 2020 | Last revised: July 2, 2020

Summary

This advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) and Pre-ATT&CK framework. See the ATT&CK for Enterprise and Pre-ATT&CK frameworks for referenced threat actor techniques. This advisory—written by the Cybersecurity and Infrastructure Security Agency (CISA) ...
June 2020
Title
AA20-182A: EINSTEIN Data Trends – 30-day Lookback
Published
June 30, 2020, 4:34 p.m.
Summary
Original release date: June 30, 2020

Summary

Cybersecurity and Infrastructure Security Agency (CISA) analysts have compiled the top detection signatures that have been the most active over the month of May in our national Intrusion Detection System (IDS), known as EINSTEIN. This information is meant to give the reader a closer look ...
