Topic: Cybersecurity

Distributed Denial of Service Attacks
Ransomware
Cyberstalking
Cyberwarfare
Artificial Intelligence
Autonomous Vehicles
Smart Devices
Social Media
Encryption
Internet of Things
Social Engineering
Dark web
Advanced Persistent Threats

We judge that narratives driven by Chinese, Iranian, and Russian state media, and proxy websites linked to these governments, often involve fact-based articles as well as editorials; these publications may include misinformation, disinformation, or factual but misrepresented information. This monthly “Snapshot” compiles English-language narratives, which we assess are intended for US and Western audiences, and highlights both consistent trends and emergent messaging, which we assess to reveal foreign actors’ changing influence priorities. We judge that, typically, China uses state and proxy media—including US-based outlets—to try to shape diaspora conduct and US public and leadership views; Iran state media manipulates emerging stories and emphasizes Tehran’s strength while denigrating US society and policy; and Russia uses both state and proxy media to amplify narratives seeking to weaken Washington’s global position relative to Moscow’s.

(U//FOUO) DHS Bulletin: Russia Cyber Threat Overview Substantive Revision

October 3, 2022

This Intelligence In View provides federal, state, local, and private sector stakeholders an overview of Russian Government-affiliated cyber activity targeting the United States and Russian regional adversaries, including disruptive or destructive cyber activity, cyber espionage in support of intelligence collection, and malign foreign influence in service of Russian political agendas. This In View also provides examples of malware and tools used by Russian Government-affiliated cyber actors.

Department of Energy Cybersecurity and Digital Components Supply Chain Deep Dive Assessment

April 26, 2022

On February 24, 2021, President Biden issued Executive Order 14017 on America’s Supply Chains directing the Secretary of Energy to submit a supply chain strategy overview report for the energy sector industrial base (as determined by the Secretary of Energy). The U.S. Department of Energy (DOE) defines the Energy Sector Industrial Base (ESIB) as the energy sector and associated supply chains that include all industries/companies and stakeholders directly and indirectly involved in the energy sector. The energy sector industrial base involves a complex network of industries and stakeholders that spans from extractive industries, manufacturing industries, energy conversion and delivery industries, end of life and waste management industries, and service industries to include providers of digital goods and services.

(U//FOUO) DHS Bulletin: Warning of Potential for Cyber Attacks Targeting the United States in the Event of a Russian Invasion of Ukraine

February 13, 2022

We assess that Russia would consider initiating a cyber attack against the Homeland if it perceived a US or NATO response to a possible Russian invasion of Ukraine threatened its long-term national security. Russia maintains a range of offensive cyber tools that it could employ against US networks—from low-level denials-of-service to destructive attacks targeting critical infrastructure. However, we assess that Russia’s threshold for conducting disruptive or destructive cyber attacks in the Homeland probably remains very high and we have not observed Moscow directly employ these types of cyber attacks against US critical infrastructure—notwithstanding cyber espionage and potential prepositioning operations in the past.

(U//LES) Nevada High Intensity Drug Trafficking Area Bulletin: Dark Web and Cryptocurrency What to Look for During a Search Warrant

January 4, 2022

In June of 2021, the Nevada High Intensity Drug Trafficking Area (HIDTA) Drug Enforcement Agency (DEA) Enforcement Group 3 arrested four members of a Drug Trafficking Money Laundering Organization (DTMLO) responsible for selling millions of dollars’ worth of cocaine on the dark web and transporting it through the United States Postal Services (USPS).

(U//FOUO) FEMA COVID-19 Vaccine Sentiment Social Listening Report January 28, 2021

May 6, 2021

Debate over double masking continues to dominate online discussion. Many members of the public are frustrated with what they feel is inconsistent messaging.

(U//FOUO) FEMA COVID-19 Vaccine Sentiment Social Listening Report January 27, 2021

May 6, 2021

There are reports of increased skepticism regarding the vaccine among Latinx communities. There is a lack of trust in the guidance and policies being shared by the federal government and some state and local officials. This is causing some to feel more hesitant about receiving the vaccine.

Cybersecurity and Infrastructure Security Agency Mail-In Voting in 2020 Infrastructure Risk Assessment

September 6, 2020

All forms of voting – in this case mail-in voting – bring a variety of cyber and infrastructure risks. Risks to mail-in voting can be managed through various policies, procedures, and controls.
The outbound and inbound processing of mail-in ballots introduces additional infrastructure and technology, which increases the potential scalability of cyber attacks. Implementation of mail-in voting infrastructure and processes within a compressed timeline may also introduce new risk. To address this risk, election officials should focus on cyber risk management activities, including access controls and authentication best practices when implementing expanded mail-in voting.

(U//FOUO) DHS Bulletin: Russia Likely to Continue Seeking to Undermine Faith in US Electoral Process

September 6, 2020

We assess that Russia is likely to continue amplifying criticisms of vote-by-mail and shifting voting processes amidst the COVID-19 pandemic to undermine public trust in the electoral process. Decisions made by state election officials on expanding vote-by-mail and adjusting in-person voting to accommodate challenges posed by COVID-19 have become topics of public debate. This public discussion represents a target for foreign malign influence operations that seeks to undermine faith in the electoral process by spreading disinformation about the accuracy of voter data for expanded vote-by-mail, outbound/inbound mail ballot process, signature verification and cure process, modifying scale of in-person voting, and safety and health concerns at polling places, according to CISA guidance documents provided to state and local election officials.

(U//FOUO) DHS Bulletin: Cybercriminals See Opportunity to Exploit Online Distance Learning Platforms and Users

May 17, 2020

Most US school districts as of 23 March 2020 are and will remain closed until the end of the academic school year or “until further notice” because of COVID-19, according to data provided by a Maryland-based online publication that provides scholastic news and analysis. This Article assumes that while pre-kindergarten through 12th grade schools, institutions of higher education, and business and trade schools are closed, many are relying on internet-enabled distance learning (eLearning) alternatives in place of traditional classroom instruction.

(U//FOUO) DHS Bulletin: APT Actors Likely View Zoom Vulnerabilities as Opportunity to Threaten Public and Private Sector Entities

May 7, 2020

APT actors likely will identify new or use existing vulnerabilities in Zoom to compromise user devices and accounts for further exploitation of corporate networks. This judgment includes critical infrastructure entities using Zoom. We base this judgment on recent public exposure of Zoom’s numerous vulnerabilities. While vendors regularly publish patches for vulnerabilities, reports indicate there are instances in which users and organizations delay updates. The patching process is undermined by APT actors who often capitalize on delays and develop exploits based on the vulnerability and available patches.

FBI Cyber Bulletin: Website Defacement Activity Indicators of Compromise and Techniques Used to Disseminate Pro-Iranian Messages

January 21, 2020

Following last week’s US airstrikes against Iranian military leadership, the FBI observed increased reporting of website defacement activity disseminating Pro-Iranian messages. The FBI believes several of the website defacements were the result of cyber actors exploiting known vulnerabilities in content management systems (CMSs) to upload defacement files.

(U//FOUO) DHS-FBI-NCTC Bulletin: Escalating Tensions Between the United States and Iran Pose Potential Threats to the Homeland

January 20, 2020

This Joint Intelligence Bulletin (JIB) is intended to assist federal, state, local, tribal, and territorial counterterrorism, cyber, and law enforcement officials, and private sector partners, to effectively deter, prevent, preempt, or respond to incidents, lethal operations, or terrorist attacks in the United States that could be conducted by or on behalf of the Government of Iran (GOI) if the GOI were to perceive actions of the United States Government (USG) as acts of war or existential threats to the Iranian regime.

FBI Cyber Bulletin: Targeting of Audio and Visual Communication Devices on Business Networks to Identify Vulnerabilities for Exploitation

August 6, 2019

The FBI identified incidents over the past few months in which cyber actors scanned for and sought to exploit audio and visual communication devices on networks to identify vulnerabilities which could later be used to gain access and unlawfully acquire information about the organization. In addition to targeting corporate information, vulnerable devices may be targeted for compromise for use in botnets or other criminal activities. The types of devices targeted include: Voice over Internet Protocol (VoIP) phones, video conferencing equipment, conference phones, VoIP routers, and cloud-based communication systems. While cyber actors have targeted VoIP and other communication devices in the past, the FBI continues to see these devices scanned by cyber actors for vulnerabilities.

Senate Intelligence Committee Report on Russian Efforts Against Election Infrastructure in the 2016 Election

July 30, 2019

From 2017 to 2019, the Committee held hearings, conducted interviews, and reviewed intelligence related to Russian attempts in 2016 to access election infrastructure. The Committee sought to determine the extent of Russian activities, identify the response of the U.S. Government at the state, local, and federal level to the threat, and make recommendations on how to better prepare for such threats in the future. The Committee received testimony from state election officials, Obama administration officials, and those in the Intelligence Community and elsewhere in the U.S. Government responsible for evaluating threats to elections.

(U//FOUO) Joint Staff Briefing Paper on China’s “System Attack” Concept of Warfare

July 18, 2019

China plans to defeat powerful adversaries by systematically targeting the linkages and nodes that hold an advanced network-centric force together as a cohesive whole. The PLA calls this theory of victory “systems attack and destruction warfare,” hereafter, “system attack. Authoritative PLA doctrine emphasizes importance of system attack as China’s “basic operational method” of warfare. System attack is perhaps best remembered as “the American way of war with Chinese characteristics,” since the PLA developed the concept based on observing U.S. military victories In the 1990s. Some of the PLA’s writings on systems attack are clearly aspirational, but this does not preclude the effectiveness of the approach, and the doctrine shows that the Pl.A is thinking seriously and realistically about how to defeat.an advanced adversary. The requirements of system attack are actively driving PLA reform, acquisitions, operations and training, and the doctrine telegraphs how Chine intends to fight.

FBI Private Sector Report: US Adversaries Exploit Social Media Information to Target US Individuals and Government Clearance Holders

June 17, 2019

The FBI’s Washington Field Office, in coordination with the FBI’s Office of Private Sector (OPS), is informing private sector partners regarding foreign intelligence services’ (FIS) exploitation of social media platforms and data to target corporate and US government (USG) clearance holders. FIS and US adversary intelligence officers are using popular US-based social media platforms to identify, recruit, and conduct operations against USG clearance holders, to include private sector employees or contractors supporting the USG. FIS officers will use popular US-based platforms and their respective countries’ social media platforms for personal and intelligence gathering/operations purposes.

(U//FOUO) FBI Counterintelligence Note: Update on Huawei Chinese Government-Subsidized Telecommunications Company March 2018

May 6, 2019

With the expanded use of Huawei Technologies Inc. equipment and services in US telecommunications service provider networks, the Chinese Government’s potential access to US business communications is dramatically increasing. China’s intelligence services and Chinese cyber actors could exploit Chinese Government-supported telecommunication equipment on US networks operating as an advanced persistent threat. China makes no secret that its cyber warfare strategy is predicated on controlling global communications network infrastructure.

FBI Cyber Bulletin: Spearphishing Campaigns Against Students at Multiple Universities

March 19, 2019

The FBI has identified successful spearphishing campaigns directed at college and university students, especially during periods when financial aid funds are disbursed in large volumes. In general, the spearphishing emails request students’ login credentials for the University’s internal intranet. The cyber criminals then capture students’ login credentials, and after gaining access, change the students’ direct deposit destination to bank accounts within the threat actor’s control.

(U//FOUO) National Domestic Communications Assistance Center Presentation: Quantifying Law Enforcement’s “Going Dark” Problem

February 26, 2019

As a result of the fundamental shift in communications services and technologies, criminal and national security investigations are unable to obtain needed evidence and intelligence despite having the legal authority to do so.

U.S. Army Future Warfare Division White Paper: Operationalizing Robotic and Autonomous Systems in Support of Multi-Domain Operations

February 18, 2019

Robotic and Autonomous Systems (RAS) and artificial intelligence (AI) are fundamental to the future Joint Force realizing the full potential of Multi-Domain Operations (MDO 1.5). These systems, in particular AI, offer the ability to outmaneuver adversaries across domains, the electromagnetic (EM) spectrum, and the information environment. The employment of these systems during competition allows the Joint Force to understand the operational environment (OE) in real time, and thus better employ both manned and unmanned capabilities to defeat threat operations meant to destabilize a region, deter escalation of violence, and turn denied spaces into contested spaces. In the transition from competition to armed conflict, RAS and AI maneuver, fires, and intelligence, surveillance, and reconnaissance (ISR) capabilities provide the Joint Force with the ability to deny the enemy’s efforts to seize positions of advantage.

Czech Republic National Cyber and Information Security Agency Warning on Huawei and ZTE

February 10, 2019

The legal and political environment of the People’s Republic of China (“PRC”) in which the companies primarily operate and whose laws are required to comply with, requires private companies to cooperate in meeting the interests of the PRC, including participation in intelligence activities etc. At the same time, these companies usually do not refrain from such cooperation with the state; in this environment, efforts to protect customers’ interests at the expense of the interests of the PRC are significantly reduced. According to available information, there is an organizational and personal link between these companies and the state. Therefore, this raises concerns that the interests of the PRC may be prioritized over the interests of the users of these companies’ technologies.

The U.S. Army in Multi-Domain Operations 2028

December 30, 2018

From Multi-Domain Battle to Multi-Domain Operations. TRADOC Pamphlet 525-3-1, The U.S. Army in Multi-Domain Operations 2028 expands upon the ideas previously explained in Multi-Domain Battle: Evolution of Combined Arms for the 21st Century. It describes how the Army contributes to the Joint Force’s principal task as defined in the unclassified Summary of the National Defense Strategy: deter and defeat Chinese and Russian aggression in both competition and conflict. The U.S. Army in Multi-Domain Operations concept proposes detailed solutions to the specific problems posed by the militaries of post-industrial, information-based states like China and Russia. Although this concept focuses on China and Russia, the ideas also apply to other threats.

Dutch Ministry of Defence Presentation: GRU Close Access Cyber Operation Against OPCW

October 7, 2018

A presentation from October 2018 produced by the Dutch Ministry of Defense describing the Russian Main Intelligence Directorate’s cyber operations against the Organisation for the Prohibition of Chemical Weapons.

Page 1 of 3

1 2 3 »

Drug Enforcement Administration, Nevada

Federal Bureau of Investigation, Iran

Department of Homeland Security, Federal Bureau of Investigation, National Counterterrorism Center

China, Federal Bureau of Investigation

China, Czech Republic

Netherlands, Russia