FBI Cyber Division

The #FBI seized multiple domains linked to Iranian intelligence that were actively used to facilitate cyberattacks, post stolen data, and call for the killing of regime dissidents and U.S. residents. The FBI and @TheJusticeDept will continue to defend the homeland by disrupting Iranian hacking and repression schemes that target dissidents and impact Americans. justice.gov/opa/pr/justice…

Good #cybersecurity starts with good records. Keeping reliable logs – like sign-ins, emails, cloud and device activity, and network traffic – lets you spot problems early and figure out what happened if something goes wrong. Without a good logging policy in place, malicious actors could be sitting silently on your network for months without being detected. Adversaries often try to erase logs, which is why protecting them is one of Operation Winter SHIELD’s 10 Key Defenses. Collect them in one place on a secure system. A simple habit like exporting copies daily to protected, immutable storage can make a big difference. Retain your logs based on legal and operational needs, which typically means at least 12 months. Synchronize system clocks to ensure events line up correctly, and don’t forget to check periodically that logs are being preserved. A helpful exercise: every quarter, generate a full incident timeline for a selected user and server. You will quickly identify gaps that need fixing. Learn more about #FBI’s #OWS and start building your resilience: fbi.gov/wintershield

Advancing the National Cyber Strategy demands constant engagement with the private sector. Adversaries can compromise a single entity with cascading impacts on hundreds of organizations and millions of Americans. That’s why we launched Operation Winter SHIELD, the #FBI’s most comprehensive cyber defense initiative to date. We’re providing industry with a practical roadmap to harden their networks and build resilience now – before law enforcement responds to an intrusion. fbi.gov/wintershield #OWS

The #FBI wants to help you protect your digital systems from cyber attacks. Operation Winter SHIELD offers a roadmap to strengthen the resiliency of your networks. Learn more at fbi.gov/wintershield.

When it comes to #cyber resilience, backups are your safety net – but only if they can’t be tampered with. The FBI recommends following the “3-2-1 rule”: keep at least three copies of critical data on two different media types, making sure that one copy is offline and immutable (can’t be changed or deleted). This helps protect you from attackers trying to destroy or encrypt your data during a breach. Ransomware attackers often target backups early, so protect them like any critical asset. Secure backup platforms with strong authentication and separate admin accounts, limiting access to trusted devices. Plan ahead and know what you’ll need to restore—e.g., systems, configurations, and user access—and test restorations regularly. Backups lose their value if you can’t restore systems promptly when it matters most. #FBI advisories have revealed that if your backups are poorly protected, ransomware actors will find and destroy them before encrypting your data. They even exploit vulnerable backup solutions for initial access and move quickly to delete built-in recovery options like shadow copies, making restoration harder. Don’t give attackers the leverage they seek. Resilience depends on isolated backups and tested recovery—one of Operation Winter SHIELD’s 10 Key Cyber Defenses. Learn more about #OWS – fbi.gov/wintershield. And discover how Akira ransomware actors target backups at ic3.gov/CSA/2025/25111…

#FBISanAntonio Cyber Supervisory Special Agent spoke with KXAN #Austin about Operation Winter SHIELD and the importance of keeping cyber defenses strong year-round: kxan.com/news/sxsw/cybe… A member of InfraGard infragard.fbi.gov, who is a CISO in the Healthcare & Public Health sector, also emphasized the importance of implementing the 10 Key Cyber Defenses outlined in OWS, especially when traveling to conferences. #cybersecurity #FBICyberDiv

Kwamaine Ford, an Atlanta-area resident, was indicted for targeting professional athletes, including NBA and NFL players, in an elaborate phishing, fraud, and sex trafficking scheme. Dozens of victims’ accounts and credit card details were fraudulently accessed by Ford, who used the information to fund thousands of dollars in personal expenses. justice.gov/usao-ndga/pr/g…

Are you prepared to defend yourself against cyber threats? Watch the full interview to learn more about how cybercriminals are targeting individuals and critical infrastructure, and what #YourFBI Cyber Division is doing to protect the American people from cyber attacks: youtu.be/3isTETnylB4?si…

Operation Winter SHIELD supports our nation’s cyber strategy, announced this month. Every day, #FBISanAntonio cyber squads remain on the front lines against accelerating cyber threats—investigating cybercriminals, disrupting malicious activity, seeking justice, and preventing crime. Learn more about the 10 Key Cyber Defenses outlined in OWS: fbi.gov/wintershield x.com/FBIDirectorKas…

An update on FBI Cyber’s Operation Winter Shield: In five weeks, FBI field offices conducted 364 engagements across 15 critical infrastructure sectors through Operation Winter SHIELD. We continue to build momentum after a full month of threat briefings, cyber summits, and buy-in from key industry partners. FBI cyber agents are engaged with companies across the Defense Industrial Base, as well as the Transportation, Water, Energy, and other critical sectors. Our cyber mission gives us a perspective few others have. We launched the Op to put it into action—sharing the top 10 controls organizations can implement to defend against cyber criminals and nation-state hackers. It’s a first-of-its-kind, 60-day campaign to drive measurable progress across industry, government, and critical infrastructure. These actions are based on real-world investigations and defensive gaps the FBI has repeatedly observed. The goal is to build resilience, denying the adversary easy gains and responding effectively to every attack. The op directly supports President Trump’s cyber strategy by hardening businesses, hospitals, school districts, and local governments against criminal and state-sponsored threats, shifting risk onto adversaries. More on President Trump’s Cyber Strategy at whitehouse.gov/wp-content/upl… In the coming weeks, OWS will continue to advance the Administration’s commitment to securing America’s digital future. Visit fbi.gov/wintershield and follow @FBICyberDiv to start building your resilience.

The first ever Cyber fugitive was added to the #FBI’s Ten Most Wanted Fugitives List 👇 Anibal Alexander Canelon Aguirre is wanted for allegedly leading a large international conspiracy to commit ATM “jackpotting” in support of the Tren de Aragua transnational gang, a designated foreign terrorist organization. The FBI is offering a reward of up to $1,000,000 for information leading directly to his arrest.

Today, FBI Omaha and the US Attorney's Office - District of Nebraska announced the addition of Anibal Alexander Canelon Aguirre to the FBI's Ten Most Wanted Fugitives list. As the alleged leader of an ATM jackpotting conspiracy that funneled money to Tren de Aragua, a designated foreign terrorist organization, Canelon Aguirre is the first cyber fugitive and 540th addition to the FBI’s Ten Most Wanted Fugitives list. The FBI is offering a reward of up to $1 million for information leading directly to the arrest of Anibal Alexander Canelon Aguirre. For more information, visit fbi.gov/wanted/topten/…

Securing Homeland Infrastructure by Enhancing Layered Defense, that’s the SHIELD of Operation Winter Shield, the #FBI’s campaign to help organizations improve their resilience against cyber intrusions. Learn more about the 10 actions you can take now: fbi.gov/investigate/cy…

Today the FBI released a #PSA on residential proxy networks, the risks they pose, and the steps the public can take to safeguard their devices. Cyber threat actors use residential proxies to hide their identities and locations by routing traffic through infected routers in homes and small businesses – facilitating cyberattacks, fraud, and other crimes. Click for #FBI tips to protect yourself and your Internet of Things (IoT) devices like routers, TV streaming devices, digital picture frames, smartphones, and tablets: ic3.gov/PSA/2026/PSA26…

Today the #FBI released an advisory with indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) associated with AVrecon malware, which has targeted routers and other devices in over a hundred countries around the world, including the United States. Cybercriminals have compromised routers, installed AVrecon malware, and sold access to infected devices using the SocksEscort residential proxy service. Find technical details and recommended mitigations 👉 ic3.gov/CSA/2026/26031…

Today the #FBI and @TheJusticeDept announced an international law enforcement operation that took down SocksEscort, a global malicious proxy service, seizing dozens of servers and domains and freezing millions of dollars in cryptocurrency. Criminals infected home and small business routers with backdoors, then sold access to use them in cyberattacks, causing millions in losses. @FBISacramento is investigating the case. justice.gov/usao-edca/pr/a…

When administrator privileges are widely shared and always available, a compromised account creates a bigger risk for your organization. An attacker who steals an employee’s credentials may already have high-level access or be able to quickly obtain it and move through your network. That’s why Reducing Administrator Privileges is one of Operation Winter SHIELD’s 10 Key #Cyber Defenses. Limit administrator access to those who truly need it. Even then, admin privileges should only be used when necessary, with standard accounts used for everyday tasks. Organizations should also require temporary (“just-in-time”) access from secure devices, restrict where admin logins are permitted, and monitor for new admin accounts and privilege changes. These steps are critical to prevent attackers from gaining broad control. Our Akira ransomware advisory shows how frequently attackers can create new user accounts and add them to the administrator group, establishing a foothold in a victim’s environment. Learn about Akira ransomware TTPs: ic3.gov/CSA/2025/25111…. And follow the #FBI #OWS campaign at fbi.gov/wintershield

This week on Ahead of the Threat, the #FBI Cyber podcast, Amy Herzog, Vice President and Chief Information Security Officer at Amazon Web Services, joins Assistant Director Brett Leatherman for an expansive discussion on the importance of security fundamentals, using logging for both incident response and threat intelligence, and the FBI’s Operation Winter SHIELD. fbi.gov/video-reposito… In this episode’s Top Three segment, AD Leatherman and Jason Bilnoski, the FBI’s Deputy Assistant Director for #cyber operations, discuss the coordination between law enforcement and industry in the recent takedowns of Leakbase and Tycoon 2FA, and how AI is changing the landscape for attackers and defenders. Find all episodes and transcripts 👉 fbi.gov/news/podcasts/…

FBI Milwaukee joins the #FBI Cyber Division and field offices across the country in Operation Winter SHIELD, a cybersecurity initiative designed to strengthen the nation’s defenses against growing threats. Learn how to protect yourself and your business and help safeguard the nation from cyber-attacks that can shut down critical infrastructure and systems, hold your data for ransom, and steal your money. More information: fbi.gov/wintershield

Hostile nation-states target American technology and undermine our critical systems, while cyber criminals want to steal your money and hold your data for ransom. To help protect against these threats and defend the homeland, the #FBI launched Operation Winter SHIELD—a cyber resilience campaign highlighting key defenses organizations should implement to defend against hostile cyber actors. FBI Honolulu provides key support in getting this critical information out to our local businesses, government agencies, and communities. Visit fbi.gov/wintershield to learn more and stay ahead of the threat.