enarzh-TWfrdehiitjaes

blank

Timex

TA17-318B: HIDDEN COBRA – North Korean Trojan: Volgmer

Original release date: November 14, 2017 | Last revised: November 15, 2017 Systems Affected Network systems Overview This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). Working with U.S. government partners, DHS and FBI identified Internet Protocol (IP) addresses and other indicators of compromise (IOCs) associated with a Trojan ma...
Continue reading
159 Hits

TA17-318A: HIDDEN COBRA – North Korean Remote Administration Tool: FALLCHILL

Original release date: November 14, 2017 Systems Affected Network systems Overview This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). Working with U.S. government partners, DHS and FBI identified Internet Protocol (IP) addresses and other indicators of compromise (IOCs) associated with a remote administration tool (RAT) used by th...
Continue reading
148 Hits

TA17-293A: Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors

Original release date: October 20, 2017 Systems Affected Domain ControllersFile ServersEmail Servers Overview This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). This alert provides information on advanced persistent threat (APT) actions targeting government entities and organizations in the energy, nuclear, water, aviation, and cr...
Continue reading
163 Hits

TA17-181A: Petya Ransomware

Original release date: July 01, 2017 | Last revised: July 28, 2017 Systems Affected Microsoft Windows operating systems Overview This Alert has been updated to reflect the National Cybersecurity and Communications Integration Center's (NCCIC) analysis of the "NotPetya" malware variant. The scope of this Alert’s analysis is limited to the newest Petya malware variant that surfaced on June 27, 2017. This malware is referred to as “NotPetya” t...
Continue reading
224 Hits

TA17-181A: Petya Ransomware

Original release date: July 01, 2017 Systems Affected Microsoft Windows operating systems Overview On June 27, 2017, NCCIC was notified of Petya ransomware events occurring in multiple countries and affecting multiple sectors. Petya ransomware encrypts the master boot records of infected Windows computers, making affected machines unusable. The NCCIC Code Analysis Team produced a Malware Initial Findings Report (MIFR) to provide in-depth te...
Continue reading
296 Hits

TA17-164A: HIDDEN COBRA – North Korea’s DDoS Botnet Infrastructure

Original release date: June 13, 2017 Systems Affected Networked Systems Overview This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). This alert provides technical details on the tools and infrastructure used by cyber actors of the North Korean government to target the media, aerospace, financial, and critical infrastructure sectors...
Continue reading
356 Hits

TA17-163A: CrashOverride Malware

Original release date: June 12, 2017 | Last revised: July 27, 2017 Systems Affected Industrial Control Systems Overview The National Cybersecurity and Communications Integration Center (NCCIC) is aware of public reports from ESET and Dragos outlining a new, highly capable Industrial Controls Systems (ICS) attack platform that was reportedly used in 2016 against critical infrastructure in Ukraine. As reported by ESET and Dragos , the CrashOv...
Continue reading
232 Hits

TA17-163A: CrashOverride Malware

Original release date: June 12, 2017 | Last revised: June 14, 2017 Systems Affected Industrial Control Systems Overview The National Cybersecurity and Communications Integration Center (NCCIC) is aware of public reports from ESET and Dragos outlining a new, highly capable Industrial Controls Systems (ICS) attack platform that was reportedly used in 2016 against critical infrastructure in Ukraine. As reported by ESET and Dragos , the CrashOv...
Continue reading
262 Hits

TA17-156A: Reducing the Risk of SNMP Abuse

Original release date: June 05, 2017 Systems Affected SNMP enabled devices Overview The Simple Network Management Protocol (SNMP) may be abused to gain unauthorized access to network devices. SNMP provides a standardized framework for a common language that is used for monitoring and managing devices in a network. This Alert provides information on SNMP best practices, along with prevention and mitigation recommendations. Description SNMP d...
Continue reading
216 Hits

TA17-156A: Reducing the Risk of SNMP Abuse

Original release date: June 05, 2017 Systems Affected SNMP enabled devices Overview The Simple Network Management Protocol (SNMP) may be abused to gain unauthorized access to network devices. SNMP provides a standardized framework for a common language that is used for monitoring and managing devices in a network. This Alert provides information on SNMP best practices, along with prevention and mitigation recommendations. Description SNMP d...
Continue reading
294 Hits