Following last week’s US airstrikes against Iranian military leadership, the FBI observed increased reporting of website defacement activity disseminating Pro-Iranian messages. The FBI believes several of the website defacements were the result of cyber actors exploiting known vulnerabilities in content management systems (CMSs) to upload defacement files.
Originating Organization: United States
- Department of Justice
- Office of the Director of National Intelligence
- California
- Department of Homeland Security
- Department of Defense
- New Jersey
- Delaware
- Florida
- Ohio
- Washington
- High Intensity Drug Trafficking Area
- Executive Office of the President of the United States
- Pennsylvania
- Nevada
- Maryland
- Mississippi
- Department of the Treasury
- Oregon
- Department of Energy
- Senate
- Department of State
- Department of Health and Human Services
- New York
- Supreme Court of the United States
- New Mexico
- House of Representatives
- Drug Enforcement Administration
- Federal Bureau of Investigation
- Office of Justice Programs
- Office of Community Oriented Policing Services
- El Paso Intelligence Center
- DEA Philadelphia Division
- Special Testing and Research Laboratory
- DEA Phoenix Division
- FBI Cyber Division
- Counterterrorism Division
- Office of Private Sector
- National Domestic Communications Assistance Center
- Behavioral Analysis Unit
- Counterintelligence Division
- Phoenix Field Office
- Criminal Justice Information Systems Division
- Bureau of Justice Assistance
- National Institute of Justice
- National Counterintelligence and Security Center
- National Counterterrorism Center
- Cyber Threat Intelligence Integration Center
- National Intelligence Council
- Orange County Intelligence Assessment Center
- Northern California Regional Intelligence Center
- California Cybersecurity Integration Center
- San Diego Law Enforcement Coordination Center
- Governor's Office of Emergency Services
- Intelligence Fusion Centers
- National Protection and Programs Directorate
- National Coordinating Center for Communications
- Office of Intelligence and Analysis
- Customs and Border Protection
- Immigration and Customs Enforcement
- U.S. Secret Service
- Transportation Security Administration
- Cybersecurity and Infrastructure Security Agency
- Federal Emergency Management Agency
- Office of Cyber and Infrastructure Analysis
- Office of Cybersecurity and Communications
- National Cybersecurity and Communications Integration Center
- Counterterrorism Mission Center
- Cyber Mission Center
- Office of Intelligence
- U.S. Border Patrol
- National Threat Assessment Center
- U.S. Army
- Defense Intelligence Agency
- Joint Chiefs of Staff
- Defense Personnel and Security Research Center
- Defense Forensics and Biometrics Agency
- U.S. Air Force
- U.S. Northern Command
- Office of the Secretary of Defense
- U.S. Marine Corps
- National Reconnaissance Office
- U.S. Army Training and Doctrine Command
- Asymmetric Warfare Group
- Training and Doctrine Command
- Center for Law and Military Operations
- Army Capabilities Integration Center
- Army Threat Inegration Center
- Office of Special Investigations
- U.S. Army North
- Office of Homeland Security and Preparedness
- Regional Operations and Intelligence Center
- Delaware Information and Analysis Center
- Central Florida Intelligence Exchange
- Northeast Ohio Regional Fusion Center
- Washington State Fusion Center
- Northwest High Intensity Drug Trafficking Area
- Michigan High Intensity Drug Trafficking Area
- Council of Economic Advisers
- Pennsylvania Criminal Intelligence Center
- Las Vegas Metropolitan Police Department
- Nevada High Intensity Drug Trafficking Area
- Johns Hopkins University
- Mississippi Analysis and Information Center
- Internal Revenue Service
- Oregon TITAN Fusion Center
- Senate Select Committee on Intelligence
- Senate Committee on Homeland Security and Governmental Affairs
- Overseas Security Advisory Council
- New York Police Department
- New Mexico All Source Intelligence Center
Department of Homeland Security, Federal Bureau of Investigation, National Counterterrorism Center
(U//FOUO) DHS-FBI-NCTC Bulletin: Escalating Tensions Between the United States and Iran Pose Potential Threats to the Homeland
This Joint Intelligence Bulletin (JIB) is intended to assist federal, state, local, tribal, and territorial counterterrorism, cyber, and law enforcement officials, and private sector partners, to effectively deter, prevent, preempt, or respond to incidents, lethal operations, or terrorist attacks in the United States that could be conducted by or on behalf of the Government of Iran (GOI) if the GOI were to perceive actions of the United States Government (USG) as acts of war or existential threats to the Iranian regime.
Transportation Security Administration
(U//FOUO) TSA Vehicle Ramming Attacks Report April 2019
Based on our analysis of terrorist publications such as Rumiyah and observations of terrorism-inspired events worldwide, we believe terrorist organizations overseas have advocated conducting vehicle ramming attacks against crowds, buildings, and other vehicles, using modified or unmodified large-capacity vehicles. Such attacks could target locations where large numbers of people congregate, including sporting events, entertainment venues, shopping centers, or celebratory gatherings such as parades.
Department of State
Department of State OSAC Guide: Basic Evasive Driving Techniques
U.S. Army
U.S. Army Doctrine Publication: Defense Support of Civil Authorities July 2019
ADP 3-28 clarifies similarities and differences between defense support of civil authorities (DSCA) and other elements of decisive action. DSCA and stability operations are similar in many ways. Both revolve around helping partners on the ground within areas of operations. Both require Army forces to provide essential services and work together with civil authorities. However, homeland operational environments differ from those overseas in terms of law, military chain of command, use of force, and inter-organizational coordination among unified action partners. This ADP helps Army leaders understand how operations in the homeland differ from operations by forces deployed forward in other theaters. It illustrates how domestic operational areas are theaters of operations with special requirements. Moreover, this ADP recognizes that DSCA is a joint mission that supports the national homeland security enterprise. The Department of Defense conducts DSCA under civilian control, based on U.S. law and national policy, and in cooperation with numerous civilian partners. National policy, in this context, often uses the word joint to include all cooperating partners, as in a joint field office led by civil authorities.
Federal Reserve, U.S. Northern Command
U.S. Northern Command Federal Reserve System (FRS) Support Branch Plan
National Reconnaissance Office
(U//FOUO) National Reconnaissance Office Acquisition Manual Change Prohibiting Procurement from Huawei, ZTE, and Other Chinese Companies
The National Reconnaissance Office (NRO) Acquisition Manual is hereby amended by adding new sub-part N4.21, Prohibition on Contracting for Certain Telecommunications and Video Surveillance Services or Equipment, to implement a provision of the 2019 National Defense Authorization Act prohibiting the procurement and use of covered equipment and services produced or provided by Huawei Technologies Company, ZTE Corporation, Hytera Communications Corporation, Hangzhou Hikvision Digital Technology Company, and Dahua Technology Company.
Federal Bureau of Investigation
FBI Cyber Bulletin: Cyber Criminals Use Social Engineering and Technical Attacks to Circumvent Multi-Factor Authentication
The FBI has observed cyber actors circumventing multi-factor authentication through common social engineering and technical attacks. This PIN explains these methods and offers mitigation strategies for organizations and entities using multi-factor authentication in their security efforts. Multi-factor authentication continues to be a strong and effective security measure to protect online accounts, as long as users take precautions to ensure they do not fall victim to these attacks.
U.S. Marine Corps
(U//FOUO) U.S. Marine Corps AK47 Maintenance Manual
U.S. Marine Corps
(U//FOUO) U.S. Marine Corps AK47 Operator’s Manual
Department of Homeland Security, Iran, Lebanon
(U//FOUO) DHS Intelligence Bulletin: Worldwide Terrorist Operations Linked to Lebanese Hizballah or Iran
This Reference Aid examines tactics and targets garnered from a review of attacks or disrupted terrorist operations from 2012-2018 linked to either Lebanese Hizballah (LH) or Iran. It identifies behaviors and indicators that may rise to the level for suspicious activity reporting in areas such as recruitment, acquisition of expertise, materiel and weapons storage, target type, and operational security measures, which could assist federal, state, local, tribal, and territorial government counterterrorism agencies, law enforcement officials, and private sector partners in detecting, preventing, preempting, and disrupting potential terrorist activity in the Homeland. This Reference Aid does not imply these indicators would necessarily be observed or detected in every situation or that LH and Iran necessarily use the same tactics or demonstrate the same indicators. Some of these detection opportunities may come during the course of normal investigations into illegal activities in the United States such as illicit travel or smuggling of drugs, weapons, or cash, and lead to the discovery of pre-operational activity.
Federal Bureau of Investigation
FBI Report: Ambushes and Unprovoked Attacks on Law Enforcement Officers
Over a number of years, data collected by the FBI’s Law Enforcement Officers Killed and Assaulted {LEOKA} Program began to demonstrate an alarming trend in the number of officers who were killed in ambushes and unprovoked attacks. While the overall number of officers who were feloniously killed was declining, the percentage of officers feloniously killed during surprise attacks was increasing. The LEOKA Program launched a thorough examination of ambushes and unprovoked attacks in an effort to gain insight into the phenomenon and to provide information to enhance training programs for law enforcement officers. The research focused on the mindset and perceptions of officers involved and offenders who carried out those acts. In particular, why the incidents may have occurred and how those involved reacted to the situation.
Federal Bureau of Investigation
FBI Cyber Bulletin: Targeting of Audio and Visual Communication Devices on Business Networks to Identify Vulnerabilities for Exploitation
The FBI identified incidents over the past few months in which cyber actors scanned for and sought to exploit audio and visual communication devices on networks to identify vulnerabilities which could later be used to gain access and unlawfully acquire information about the organization. In addition to targeting corporate information, vulnerable devices may be targeted for compromise for use in botnets or other criminal activities. The types of devices targeted include: Voice over Internet Protocol (VoIP) phones, video conferencing equipment, conference phones, VoIP routers, and cloud-based communication systems. While cyber actors have targeted VoIP and other communication devices in the past, the FBI continues to see these devices scanned by cyber actors for vulnerabilities.
Federal Bureau of Investigation
(U//LES) FBI Bulletin: Anti-Government, Fringe Political Conspiracy Theories Likely Motivate Domestic Extremists to Commit Criminal, Violent Activity
The FBI assesses anti-government, identity based, and fringe political conspiracy theories very likely motivate some domestic extremists, wholly or in part, to commit criminal and sometimes violent activity. The FBI further assesses in some cases these conspiracy theories very likely encourage the targeting of specific people, places, and organizations, thereby increasing the likelihood of violence against these targets. These assessments are made with high confidence, based on information from other law enforcement agencies, open source information, court documents, human sources with varying degrees of access and corroboration, and FBI investigations.
United States
Senate Intelligence Committee Report on Russian Efforts Against Election Infrastructure in the 2016 Election
From 2017 to 2019, the Committee held hearings, conducted interviews, and reviewed intelligence related to Russian attempts in 2016 to access election infrastructure. The Committee sought to determine the extent of Russian activities, identify the response of the U.S. Government at the state, local, and federal level to the threat, and make recommendations on how to better prepare for such threats in the future. The Committee received testimony from state election officials, Obama administration officials, and those in the Intelligence Community and elsewhere in the U.S. Government responsible for evaluating threats to elections.
Joint Chiefs of Staff
(U//FOUO) Joint Staff Briefing Paper on China’s “System Attack” Concept of Warfare
China plans to defeat powerful adversaries by systematically targeting the linkages and nodes that hold an advanced network-centric force together as a cohesive whole. The PLA calls this theory of victory “systems attack and destruction warfare,” hereafter, “system attack. Authoritative PLA doctrine emphasizes importance of system attack as China’s “basic operational method” of warfare. System attack is perhaps best remembered as “the American way of war with Chinese characteristics,” since the PLA developed the concept based on observing U.S. military victories In the 1990s. Some of the PLA’s writings on systems attack are clearly aspirational, but this does not preclude the effectiveness of the approach, and the doctrine shows that the Pl.A is thinking seriously and realistically about how to defeat.an advanced adversary. The requirements of system attack are actively driving PLA reform, acquisitions, operations and training, and the doctrine telegraphs how Chine intends to fight.
U.S. Secret Service
U.S. Secret Service National Threat Assessment Center Report: Mass Attacks in Public Spaces 2018
This report is NTAC’s second analysis of mass attacks that were carried out in public spaces, and it builds upon Mass Attacks in Public Spaces – 2017 (MAPS-2017). In MAPS-2017, NTAC found that attackers from that year were most frequently motivated by grievances related to their workplace or a domestic issue. All of the attackers had recently experienced at least one significant stressor, and most had experienced financial instability. Over three-quarters of the attackers had made threatening or concerning communications, and a similar number had elicited concern from others. Further, most had histories of criminal charges, mental health symptoms, and/or illicit substance use or abuse.
Joint Chiefs of Staff
Joint Publication 3-13.1 Electronic Warfare
All modern forces depend on the electromagnetic spectrum (EMS). The military requirement for unimpeded access to, and use of, the EMS is the key focus for joint electromagnetic spectrum operations (JEMSO), both in support of military operations and as the focus of operations themselves. Electronic warfare (EW) is essential for protecting friendly operations and denying adversary operations within the EMS throughout the operational environment.
Department of Defense, Joint Chiefs of Staff
Joint Staff Strategic Multilayer Assessment: Russian Strategic Intentions
This white paper was prepared as part of the Strategic Multilayer Asssessment, entitled The Future of Global Competition and Conflict. Twenty-three expert contributors contributed to this white paper and provided wide-ranging assessments of Russia’s global interests and objectives, as well as the activities—gray or otherwise—that it conducts to achieve them. This white paper is divided into five sections and twenty-five chapters, as described below. This summary reports some of the white paper’s high-level findings, but it is no substitute for a careful read of the individual contributions.
Joint Chiefs of Staff
Joint Publication 3-13.3 Operations Security
Commanders ensure operational security (OPSEC) is practiced during all phases of operations. OPSEC is a capability that identifies and controls critical information, indicators of friendly force actions attendant to military operations, and incorporates countermeasures to reduce the risk of an adversary exploiting vulnerabilities. As adversary analysts apply more information to an analytical model, the likelihood increases that the analytical model will replicate the observed force. Thus, current and future capabilities and courses of action can be revealed and compromised.
Joint Chiefs of Staff
Joint Publication 3-07.3 Peace Operations
Peace operations are activities intended to build, keep, enforce, or make peace, or when necessary, prevent conflict. They include crisis response and limited contingency operations and frequently involve international military missions to contain conflict, restore peace, and shape the strategic security environment to support reconciliation and rebuilding, as well as to facilitate the transition to legitimate governance. They include peacekeeping operations (PKO), peace building, peacemaking, conflict prevention, and peace enforcement operations (PEO). Peace operations may be conducted under the sponsorship of the United Nations (UN), another international organization, within a coalition of nations, or unilaterally.
Joint Chiefs of Staff
Joint Publication 3-72 Nuclear Operations
Nuclear weapons are a key feature of the security environment. Adversaries increasingly rely on nuclear weapons to secure their interests. Those seeking ways to use nuclear weapons for coercion and war termination present complex deterrence and escalation management challenges. US nuclear weapons and the associated capabilities needed to conduct nuclear operations are essential to ensure an effective deterrent.
Department of Defense
DoD Guidance for the Domestic Use of Unmanned Aircraft Systems in U.S. National Airspace
This policy memorandum provides guidance for the domestic1 use of Department of Defense (DoD) unmanned aircraft systems (UAS) in U.S. National Airspace to ensure that such use is in accordance with U.S. law and DoD policy. Policy Memorandum 15-002, “Guidance for the Domestic Use of Unmanned Aircraft Systems,” February 17, 2015 is hereby rescinded. This guidance implements measures identified in DoD’s efficiency and effectiveness review of domestic use of DoD UAS. The revisions in this memorandum streamline the approval process for domestic use.
Federal Bureau of Investigation
FBI Private Sector Report: US Adversaries Exploit Social Media Information to Target US Individuals and Government Clearance Holders
The FBI’s Washington Field Office, in coordination with the FBI’s Office of Private Sector (OPS), is informing private sector partners regarding foreign intelligence services’ (FIS) exploitation of social media platforms and data to target corporate and US government (USG) clearance holders. FIS and US adversary intelligence officers are using popular US-based social media platforms to identify, recruit, and conduct operations against USG clearance holders, to include private sector employees or contractors supporting the USG. FIS officers will use popular US-based platforms and their respective countries’ social media platforms for personal and intelligence gathering/operations purposes.