The FBI has obtained information regarding a group of cyber actors who have compromised and stolen sensitive military information from US cleared defense contractors (CDCs) through cyber intrusions. This group utilizes infrastructure emanating from China to conduct their nefarious computer network exploitation (CNE) activities. Information obtained from victims and subsequent analysis indicates that they were targeted based on their US Navy Seaport Enhanced contracts. The actors did not target information pertaining to a specific contract but instead stole all information that they accessed via their malicious cyber activities. Any activity related to this group detected on a network should be considered an indication of a compromise requiring extensive mitigation and contact with law enforcement.
Tag Archive for Cybersecurity
Department of Homeland Security
DHS Report on Cyber-Physical Infrastructure Risks to Smart Cities
As technology pervades into our everyday lives, once simple devices have become smarter and more interconnected to the world around us. This technology is transforming our cities into what are now referred to as “Smart-Cities”. Smart Cities have been defined as urban centers that integrate cyber-physical technologies and infrastructure to create environmental and economic efficiency while improving the overall quality of life. The goal of these new cities is to create a higher quality of life, a more mobile life and an overall increased efficient use of available resources. Some examples of Smart-City technologies are interconnected power grids reducing power waste, smarter transportation resulting in increased traffic management, and smarter infrastructures that reduce hazards and increase efficiency.
Department of Homeland Security, Federal Bureau of Investigation
(U//FOUO) DHS-FBI Bulletin: Criminal Hackers Target Police to Protest Perceived Injustices
Disruptive cyber attacks by criminal hackers—primarily distributed-denial-of-service (DDoS) attacks—targeting local law enforcement websites have increased since August 2014. We judge that this is almost certainly a result of the heightened coverage surrounding the alleged use of excessive force by law enforcement and an increased focus on incidents of perceived police brutality. The primary impact from the majority of these attacks has been the temporary disruption of the targeted public-facing websites.
Australia
Australian Cyber Security Centre High Profile and International Events Cyber Security Advice
Targeting of high profile and international events by state-sponsored or other foreign adversaries, cyber criminals and issue motivated groups is a real and persistent threat. The information contained on government systems, whether classified or unclassified, is of strategic interest to cyber adversaries. Information gathered through cyber espionage can be used to gain an economic, diplomatic or political advantage.
Financial Crimes Enforcement Network
(U//LES) Financial Crimes Enforcement Network: Tor IP Addresses Increasingly Linked to Cybercrime
Our BSA analysis of 6048 IP addresses associated with the Tor darknet found that in the majority of the SAR filings, the underlying suspicious activity, most frequently account takeovers, might have been prevented if the filing institution had been aware that their network was being accessed via Tor IP addresses. Darknets are Internet based networks used to access content in a manner designed to obscure the identity of the user and his or her associated Internet activity.
Department of Defense
DoD Phishing Warfare Brochure and Fact Sheet
National Guard
(U//FOUO) National Guard Mission Analysis for Cyber Operations
This report fulfills the requirement contained in the National Defense Authorization Act (NDAA) for Fiscal Year (FY) 2014, Section 933(e) “National Guard Assessment.” The results of the National Guard’s assessment reflect the Chief of the National Guard Bureau’s (CNGB) view for successfully integrating the National Guard into the Department of Defense’s (DoD) Cyber Mission Force (CMF) and across all Cyber missions to create a Whole of Government and Whole of Nation approach to securing U.S. cyberspace.
Department of Defense
(U//FOUO) Department of Defense Mission Analysis for Cyber Operations
This report fulfills the requirement contained in the National Defense Authorization Act (NDAA) for Fiscal Year 2014, Section 933 “Mission Analysis for Cyber Operations of the Department of Defense (DoD).” The Department undertook an accelerated but deliberate process to conduct the analysis, the outcomes of which are contained in this report. The analysis addressed each sub-section of the statute and was fully vetted across the Department. The results of this analysis reflect the Department’s current view of its requirements for successful conduct of cyberspace operations, leveraging a Total Force solution. As cyberspace capabilities, force structure, and command and control (C2) constructs evolve, the Department will conduct periodic reviews of its cyberspace requirements and adjust them as necessary.
National Security Agency
NSA SHARKSEER Program Zero-Day Net Defense Presentation
Department of the Treasury
Financial Sector Cyber Intelligence Group: APT Targeting U.S. Financial Institutions
As of July 2015, an APT actor that has previously targeted the U.S. financial sector used an implant to provide command and control (C2), according to credible reporting. Implant communications were observed between administrative infrastructure and known malware C2 nodes used in spear-phishing campaigns in July 2015. The communication from administrative infrastructure was an HTTP POST request.
Federal Bureau of Investigation
(U//FOUO) FBI Current Cyberterrorism and Cyber-Espionage Threats to the U.S.
Department of Justice, Federal Bureau of Investigation
Department of Justice Inspector General Audit of FBI Next Generation Cyber Initiative
Following the Office of the Inspector General’s (OIG) April 2011 report on the FBI’s ability to address the national cyber intrusion threat, in October 2012 the FBI launched its Next Generation Cyber (Next Gen Cyber) Initiative to enhance its ability to address cybersecurity threats to the United States. In fiscal year 2014, the FBI initially budgeted $314 million for its Next Gen Cyber Initiative, including a total of 1,333 full-time positions (including 756 agents). In addition, the Department of Justice (Department) requested an $86.6 million increase in funding for fiscal year 2014 to support the Initiative. The objective of this audit was to evaluate the FBI’s implementation of its Next Gen Cyber Initiative.
Australia
Australian Cyber Security Centre Threat Report 2015
This is the first unclassified Australian Cyber Security Centre (ACSC) Threat Report. All ACSC partner agencies have contributed to provide information tailored for Australian organisations about the threats their networks face from cyber espionage, cyber attacks and cybercrime. It also contains mitigation and remediation information to assist organisations to prevent, and respond to, the threat.
Federal Bureau of Investigation
FBI Cyber Division Bulletin: Hacking Team Exploit Used in Spearphishing Campaign Targeting U.S. Government
A bulletin issued by the FBI Cyber Division discusses a spearphishing campaign targeting U.S. government agencies in June and July of 2015. The campaign utilized an Adobe Flash exploit, CVE-2015-5119, that was discovered in the 400GB data archive from hacked Italian surveillance technology company Hacking Team that was released publicly earlier this month. The exploit was being sold as a product of Hacking Team and was listed in their product knowledge base. The bulletin notes that the Flash exploit was being used in phishing emails in June 2015 despite the fact that the Hacking Team data was only made public on July 5, 2015.
Federal Bureau of Investigation
FBI Cyber Division Bulletin: Distributed Denial of Service Attack Bitcoin Extortion Campaigns Expanding
Recent FBI investigations and open source reporting reveal that extortion campaigns conducted via e-mails threatening Distributed Denial of Service (DDoS) attacks continue to expand targets from unregulated activities, such as illegal gaming activity, to now include legitimate business operations. The increase in scope has resulted in additional attacks with Bitcoin ransom amounts trending upwards as well.
United States
National Governors Association Brief: Enhancing Role of Fusion Centers in Cybersecurity
In recent years, the growing number and sophistication of threats to the nation’s cyber infrastructure have motivated governors to consider adding or expanding cybersecurity capabilities within state fusion centers. Through fusion centers, states receive classified and unclassified information and intelligence from multiple sources across the nation and combine or “fuse” that information into “products” (for example, law enforcement notices and warnings) that help improve state and national readiness to respond to an attack or threat. Since their inception, fusion centers have become more sophisticated, uniform, and nationally networked. As they have matured and evolved, so have their missions. Originally designed to focus on terrorism, they now address a wider array of threats and hazards, including “accidents; technological events; natural disasters; warfare; and chemical, biological (including pandemic influenza), radiological, nuclear, or explosive events.”
Federal Bureau of Investigation
FBI Cyber Division Bulletin on Tools Reportedly Used by OPM Hackers
The FBI has obtained information regarding cyber actors who have compromised and stolen sensitive business information and Personally Identifiable Information (PII). Information obtained from victims indicates that PII was a priority target. The FBI notes that stolen PII has been used in other instances to target or otherwise facilitate various malicious activities such as financial fraud though the FBI is not aware of such activity by these groups. Any activity related to these groups detected on a network should be considered an indication of a compromise requiring extensive mitigation and contact with law enforcement.
Department of Commerce, Department of Defense, Department of Energy, Department of Health and Human Services, Department of Homeland Security, Department of Justice, Department of the Treasury, Office of the Director of National Intelligence
DHS Privacy and Civil Liberties Assessment Report on Executive Order 13636
Section 5 of Executive Order 13636 (Executive Order) requires the DHS Chief Privacy Officer and Officer for Civil Rights and Civil Liberties to assess the privacy and civil liberties impacts of the activities the Department of Homeland Security (DHS, or Department) undertakes pursuant to the Executive Order and to provide those assessments, together with recommendations for mitigating identified privacy risks, in an annual public report. In addition, the DHS Privacy Office and the Office for Civil Rights and Civil Liberties (CRCL) are charged with coordinating and compiling the Privacy and Civil Liberties assessments conducted by Privacy and Civil Liberties officials from other Executive Branch departments and agencies with reporting responsibilities under the Executive Order.
California, Intelligence Fusion Centers
(U//FOUO) Northern California Fusion Center Bulletin: Sabotage Against Electricity and Telecommunications Targets
Department of Justice
Bureau of Justice Assistance Guide: Cyber Integration for Fusion Centers
This document identifies recommended actions and guidance for state and major urban area fusion centers (fusion centers) to integrate information technology, cybersecurity, and cybercrime prevention (cyber) intelligence and analytic capabilities. Development of these capabilities will inform local, state, and national detection, mitigation, response, recovery, investigation, and criminal prosecution activities that support and maintain the United States’ cybersecurity.
Federal Bureau of Investigation
FBI Cyber Notification: Chinese Cyber Espionage Against U.S. Government and Business Networks
The FBI is providing the following information with HIGH confidence: The FBI has obtained information regarding one or more groups of cyber actors who have compromised and stolen sensitive business information from US commercial and government networks through cyber espionage. Analysis indicates a significant amount of the computer network exploitation activities emanated from infrastructure located within China. Any activity related to these groups detected on a network should be considered an indication of a compromise requiring extensive mitigation and contact with law enforcement.
Federal Bureau of Investigation
FBI Cyber Notification: FBI, TSA Analyzing Claims of Intrusion Vectors into Onboard Avionics
The FBI and TSA are currently analyzing claims in recent media reports which included statements that critical in-flight networks on commercial aircraft may be vulnerable to remote intrusion. At this time, the FBI and TSA have no information to support these claims but continue to leverage public and private sector partnerships to evaluate potential threats posed by intrusions into a commercial aircraft’s secure networks. The FBI and TSA also continuously monitor and analyze reporting on cyber and technical threats to proactively deter individuals from using remote intrusions to disrupt any portion of the aviation sector, including its business networks, critical navigation and air traffic control signals, and the onboard networks of commercial aircraft.
Department of Justice
Department of Justice Cybersecurity Unit Cyber Incident Response Best Practices
Any Internet-connected organization can fall prey to a disruptive network intrusion or costly cyber attack. A quick, effective response to cyber incidents can prove critical to minimizing the resulting harm and expediting recovery. The best time to plan such a response is now, before an incident occurs.
Department of Defense
Department of Defense Cyber Strategy April 2015
In concert with other agencies, the United States’ Department of Defense (DoD) is responsible for defending the U.S. homeland and U.S. interests from attack, including attacks that may occur in cyberspace. In a manner consistent with U.S. and international law, the Department of Defense seeks to deter attacks and defend the United States against any adversary that seeks to harm U.S. national interests during times of peace, crisis, or conflict. To this end the Defense Department has developed capabilities for cyber operations and is integrating those capabilities into the full array of tools that the United States government uses to defend U.S. national interests, including diplomatic, informational, military, economic, financial, and law enforcement tools.
Federal Bureau of Investigation
FBI Cyber Division Private Industry Notification on #OpIsrael
As of early March 2015, several extremist hacking groups indicated they would participate in a forthcoming operation, #OpIsrael, which will target Israeli and Jewish Web sites. The FBI assesses members of at least two extremist hacking groups are currently recruiting participants for the second anniversary of the operation, which started on 7 April 2013, and coincides with Holocaust Remembrance Day. These groups, typically located in the Middle East and North Africa, routinely conduct pro-extremist, anti-Israeli, and anti-Western cyber operations.