CISA Alerts

AA21-291A: BlackMatter Ransomware

Original release date: October 18, 2021 Summary Actions You Can Take Now to Protect Against BlackMatter Ransomware • Implement and enforce backup and restoration policies and procedures. • Use strong, unique passwords. • Use multi-factor authentication. • Implement network segmentation and traversal monitoring. Note: this advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) …

AA21-291A: BlackMatter Ransomware Read More »

AA21-287A: Ongoing Cyber Threats to U.S. Water and Wastewater Systems

Original release date: October 14, 2021 Summary Immediate Actions WWS Facilities Can Take Now to Protect Against Malicious Cyber Activity • Do not click on suspicious links. • If you use RDP, secure and monitor it. • Use strong passwords. • Use multi-factor authentication. Note: This Alert uses the MITRE Adversarial Tactics, Techniques, and Common …

AA21-287A: Ongoing Cyber Threats to U.S. Water and Wastewater Systems Read More »

AA21-265A: Conti Ransomware

Original release date: September 22, 2021 Summary Immediate Actions You Can Take Now to Protect Against Conti Ransomware • Use multi-factor authentication. • Segment and segregate networks and functions. • Update your operating system and software. Note: This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, version 9. See the ATT&CK …

AA21-265A: Conti Ransomware Read More »

AA21-259A: APT Actors Exploiting Newly Identified Vulnerability in ManageEngine ADSelfService Plus

Original release date: September 16, 2021 Summary This Joint Cybersecurity Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 8. See the ATT&CK for Enterprise for  referenced threat actor tactics and for techniques. This joint advisory is the result of analytic efforts between the Federal Bureau of Investigation (FBI), United States …

AA21-259A: APT Actors Exploiting Newly Identified Vulnerability in ManageEngine ADSelfService Plus Read More »

AA21-229A: BadAlloc Vulnerability Affecting BlackBerry QNX RTOS

Original release date: August 17, 2021 Summary On August 17, 2021, BlackBerry publicly disclosed that its QNX Real Time Operating System (RTOS) is affected by a BadAlloc vulnerability—CVE-2021-22156. BadAlloc is a collection of vulnerabilities affecting multiple RTOSs and supporting libraries.[1] A remote attacker could exploit CVE-2021-22156 to cause a denial-of-service condition or execute arbitrary code …

AA21-229A: BadAlloc Vulnerability Affecting BlackBerry QNX RTOS Read More »

AA21-209A: Top Routinely Exploited Vulnerabilities

Original release date: July 28, 2021 Summary This Joint Cybersecurity Advisory was coauthored by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre (ACSC), the United Kingdom’s National Cyber Security Centre (NCSC), and the U.S. Federal Bureau of Investigation (FBI).  This advisory provides details on the top 30 vulnerabilities—primarily Common Vulnerabilities …

AA21-209A: Top Routinely Exploited Vulnerabilities Read More »

AA21-201A: Chinese Gas Pipeline Intrusion Campaign, 2011 to 2013

Original release date: July 20, 2021 Summary This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 9. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques. Note: CISA released technical information, including indicators of compromise (IOCs), provided in this advisory in 2012 to affected organizations and …

AA21-201A: Chinese Gas Pipeline Intrusion Campaign, 2011 to 2013 Read More »

AA21-200A: Tactics, Techniques, and Procedures of Indicted APT40 Actors Associated with China’s MSS Hainan State Security Department

Original release date: July 19, 2021 Summary This Joint Cybersecurity Advisory was written by the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) to provide information on a Chinese Advanced Persistent Threat (APT) group known in open-source reporting as APT40. This advisory provides APT40’s tactics, techniques, and procedures (TTPs) and …

AA21-200A: Tactics, Techniques, and Procedures of Indicted APT40 Actors Associated with China’s MSS Hainan State Security Department Read More »

AA21-200B: Chinese State-Sponsored Cyber Operations: Observed TTPs

Original release date: July 19, 2021 Summary This advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 9, and MITRE D3FEND™ framework, version 0.9.2-BETA-3. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques and the D3FEND framework for referenced defensive tactics and techniques. The National Security Agency, Cybersecurity …

AA21-200B: Chinese State-Sponsored Cyber Operations: Observed TTPs Read More »