6 matches found
Attacks on Managed Service Providers Expected to Increase
CISA, NSA, FBI, and similar organizations in the other Five Eyes countries are warning that attacks on MSPs--as a vector to their customers--are likely to increase. No details about what this prediction is based on. Makes sense, though. The SolarWinds attack was incredibly successful for the...
More Russian SVR Supply-Chain Attacks
Microsoft is reporting that the same attacker that was behind the SolarWinds breach -- the Russian SVR, which Microsoft is calling Nobelium -- is continuing with similar supply-chain attacks: Nobelium has been attempting to replicate the approach it has used in past attacks by targeting...
CISA Publishes Eviction Guidance for Networks Affected by SolarWinds and AD/M365 Compromise
CISA has released an analysis report, AR21-134A Eviction Guidance for Networks Affected by the SolarWinds and Active Directory/M365 Compromise. The report provides detailed steps for affected organizations to evict the adversary from compromised on-premises and cloud environments. Additionally,...
Joint NCSC-CISA-FBI-NSA Cybersecurity Advisory on Russian SVR Activity
CISA has joined with the United Kingdom's National Cyber Security Centre NCSC, the Federal Bureau of Investigation FBI, and the National Security Agency NSA, in releasing a Joint Cybersecurity Advisory on Russian Foreign Intelligence Service SVR tactics, techniques, and procedures. Further TTPs...
NSA-CISA-FBI Joint Advisory on Russian SVR Targeting U.S. and Allied Networks
CISA, the National Security Agency NSA, and the Federal Bureau of Investigation FBI have released a Joint Cybersecurity Advisory CSA on Russian Foreign Intelligence Service SVR actors scanning for and exploiting vulnerabilities to compromise U.S. and allied networks, including national security a...
CISA and CNMF Analysis of SolarWinds-related Malware
CISA and the Department of Defense DoD Cyber National Mission Force CNMF have analyzed additional SolarWinds-related malware variants—referred to as SUNSHUTTLE and SOLARFLARE. One of the analyzed files was identified as a China Chopper webshell server-side component that was observed on a network...